Lucene search
K

153 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-56209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding...

7.1CVSS6.1AI score0.00272EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 5:16 p.m.10 views

CVE-2026-56209

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

7.1CVSS0.00272EPSS
Exploits0References6
OSV
OSV
added 2026/06/19 5:16 p.m.4 views

UBUNTU-CVE-2026-56209

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

7.1CVSS6AI score0.00272EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/19 4:28 p.m.5 views

CVE-2026-56209

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

7.1CVSS6AI score0.00272EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/19 4:28 p.m.33 views

CVE-2026-56209 Libaom: libaom: arbitrary address write via svc layer context oob and cyclic refresh map pointer hijack

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

7.1CVSS0.00272EPSS
Exploits0References5
CVE
CVE
added 2026/06/19 4:28 p.m.33 views

CVE-2026-56209

CVE-2026-56209 concerns libaom’s SVC layer: a missing bounds check in the SVC layer ID control function lets an attacker inject an arbitrary pointer into the cyclic refresh map when processing frames, enabling an encoder to write about 1,200 bytes to attacker-controlled memory. This vulnerability...

7.1CVSS6AI score0.00272EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/19 4:28 p.m.4 views

CVE-2026-56209 Libaom: libaom: arbitrary address write via svc layer context oob and cyclic refresh map pointer hijack

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

7.1CVSS6AI score0.00272EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:28 p.m.6 views

CVE-2026-56209

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

7.1CVSS6AI score0.00272EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/19 4:28 p.m.14 views

CVE-2026-56209

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

7.1CVSS6AI score0.00272EPSS
Exploits0References5
NVD
NVD
added 2026/05/15 3:16 a.m.14 views

CVE-2025-0028

An unchecked return value within the AMD Platform Management Framework PMF could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability...

8.3CVSS0.00104EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 1:52 a.m.17 views

CVE-2025-0028

The AMD PMF (Platform Management Framework) vulnerability CVE-2025-0028 stems from an unchecked return value in the PMF that could enable a local attacker to read or modify an arbitrary address, risking confidentiality, integrity, and availability. The issue is tied to the AMD chipset driver/PMF ...

8.3CVSS5.9AI score0.00104EPSS
Exploits0References1
Redos
Redos
added 2026/05/06 12:0 a.m.9 views

ROS-20260506-73-0022

Vulnerability in tomcat10 related to url redirection to untrusted site. Exploitation of the vulnerability could allow an attacker acting remotely to redirect a user to an arbitrary url address...

6.1CVSS5.9AI score0.00526EPSS
Exploits0
NVD
NVD
added 2026/04/20 4:16 p.m.6 views

CVE-2026-25883

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa webhook feature allows authenticated users to configure an arbitrary URL that receives HTTP POST requests when meetings complete. The application performs no validation on th...

5.8CVSS0.00203EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.8 views

NovumOS 安全漏洞

NovumOS is an 32-bit protected mode operating system developed by MinecAnton209. Versions of NovumOS prior to 0.24 contained security vulnerabilities. These vulnerabilities stemmed from system call 15, which allowed Ring 3 user-mode processes to map arbitrary virtual address ranges into their own...

9CVSS5.9AI score0.00213EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/03 4:59 p.m.6 views

CVE-2026-26927

Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...

5.1CVSS6.2AI score0.00266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:27 p.m.28 views

CVE-2021-27043

An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application...

7.8CVSS6.8AI score0.00876EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2025-2509

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process,...

7.8CVSS6AI score0.00112EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/26 6:31 p.m.5 views

EUVD-2026-8860

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

4.3CVSS5.6AI score0.00186EPSS
Exploits0References3
NVD
NVD
added 2026/02/26 4:24 p.m.6 views

CVE-2026-28295

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

4.3CVSS0.00186EPSS
Exploits0References2
NVD
NVD
added 2026/02/05 9:15 p.m.9 views

CVE-2026-0106

In vpummap of vpuioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

9.3CVSS0.00112EPSS
Exploits0References1
Rows per page
Query Builder