Lucene search
+L

264 matches found

cvelist
cvelist
added 2026/04/06 3:33 p.m.33 views

CVE-2026-34589 OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

8.4CVSS0.00419EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/04/06 3:33 p.m.2 views

CVE-2026-34589

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

8.8CVSS5.8AI score0.00419EPSS
Exploits1References5Affected Software1
osv
osv
added 2026/04/06 3:33 p.m.1 views

CVE-2026-34589 OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

8.4CVSS6AI score0.00419EPSS
Exploits1References9
osv
osv
added 2026/04/06 3:31 p.m.2 views

CVE-2026-34588 OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

8.6CVSS7.1AI score0.00482EPSS
Exploits1References22
vulnrichment
vulnrichment
added 2026/04/06 3:22 p.m.3 views

CVE-2026-34380 OpenEXR has a signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undopxr24impl in src/lib/OpenEXRCore/internalpxr24.c at line 377. The...

5.9CVSS5.9AI score0.00255EPSS
Exploits1References4
osv
osv
added 2026/04/06 3:22 p.m.1 views

CVE-2026-34380 OpenEXR has a signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undopxr24impl in src/lib/OpenEXRCore/internalpxr24.c at line 377. The...

5.9CVSS6AI score0.00255EPSS
Exploits1References6
euvd
euvd
added 2026/04/06 3:21 p.m.5 views

EUVD-2026-19305

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...

7.1CVSS6AI score0.00283EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/04/06 3:21 p.m.4 views

CVE-2026-34379

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...

7.1CVSS5.9AI score0.00283EPSS
Exploits1References5Affected Software1
cvelist
cvelist
added 2026/04/06 3:21 p.m.40 views

CVE-2026-34379 OpenEXR has a misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression)

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...

7.1CVSS0.00283EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/04/06 12:0 a.m.4 views

PT-2026-30662

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.1.0 through 3.2.6, versions prior to 3.3.9, and versions prior to 3.4.9 Description OpenEXR, an image storage format used in the motion picture industry, contains a flaw in the internal exr undo piz function. Specifically, t...

8.8CVSS5.9AI score0.00611EPSS
Exploits3References91
nvd
nvd
added 2026/04/05 1:17 p.m.8 views

CVE-2026-5566

A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public...

9CVSS0.00472EPSS
Exploits0References4
euvd
euvd
added 2026/04/05 6:32 a.m.14 views

EUVD-2026-19038

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

9CVSS6.3AI score0.00472EPSS
Exploits0References5
nvd
nvd
added 2026/04/05 6:16 a.m.9 views

CVE-2026-5544

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

9CVSS0.00472EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/04/05 12:0 a.m.10 views

UTT HiPER 1250GW 安全漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained security vulnerabilities. These vulnerabilities were caused by incorrect handling of parameters in the file/goform/formRemoteControl, which could lead to...

9CVSS7.7AI score0.00472EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/04/05 12:0 a.m.8 views

UTT HiPER 1250GW 安全漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained security vulnerabilities. These vulnerabilities were caused by incorrect handling of parameters in the file/goform/formNatStaticMap, specifically the...

9CVSS7.7AI score0.00472EPSS
Exploits0References5
vulnersosv
vulnersosv
added 2026/04/03 9:53 p.m.8 views

@budibase/backend-core (>=3.0.0 <=3.2.26), @budibase/bbui (>=3.0.0 <=3.2.26) +6 more potentially affected by CVE-2026-25044 via @budibase/shared-core (>=3.0.0 <=3.2.7)

@budibase/shared-core NPM version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.2.26 Source cves: CVE-2026-25044 Source advisory: SNYK:JS-BUDIBASESHAREDCORE-15917501...

8.8CVSS5.8AI score0.00466EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/04/03 9:34 p.m.11 views

@budibase/cli (>=0.0.1 <=3.2.26), @budibase/pro (>=0.0.1 <=3.2.26) +4 more potentially affected by CVE-2026-31818 via @budibase/backend-core (>=0.0.1 <=3.2.7)

@budibase/backend-core NPM version =0.0.1, =0.0.1, =0.0.1, =0.0.999-alpha.30, =0.0.1, =3.2.26 - @devlego/server =1.1.29-alpha.1 - @devlego/worker =1.1.29-alpha.1 Source cves: CVE-2026-31818 Source advisory: OSV:GHSA-7R9J-R86Q-7G45...

9.9CVSS5.8AI score0.00377EPSS
Exploits1
osv
osv
added 2026/04/01 10:4 a.m.3 views

CLEANSTART-2026-FF20499 Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0

Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.9CVSS6.8AI score0.04518EPSS
Exploits3References41
ptsecurity
ptsecurity
added 2026/03/26 12:0 a.m.6 views

PT-2026-28655

Name of the Vulnerable Software and Affected Versions UTT HiPER 1250GW versions up to 3.2.7-210907-180535 Description A security issue has been identified in UTT HiPER 1250GW. A buffer overflow can occur due to manipulation of the GroupName argument within the strcpy function located in the...

9CVSS5.9AI score0.00472EPSS
Exploits0References9
cnnvd
cnnvd
added 2026/03/20 12:0 a.m.8 views

UTT HiPER 1250GW 安全漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained security vulnerabilities. These vulnerabilities were caused by a buffer overflow vulnerability in the strcpy function used in the file/goform/setSysAdm,...

9CVSS7.6AI score0.00507EPSS
Exploits0References4
Rows per page
Query Builder