Lucene search
K

606 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/03 3:50 p.m.7 views

CVE-2026-46272

In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARNON in tmcetrenablehw is triggered sometimes: WARNING: CPU: 42 PID: 3911571 at...

5.8AI score0.00088EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/03 3:50 p.m.27 views

CVE-2026-46272

The CVE-2026-46272 issue is a race in the Linux kernel CoreSight TMC ETR driver that occurs when sysfs and perf modes are enabled concurrently. A WARN_ON in tmc_etr_enable_hw() can trigger due to a race between the two critical regions (sysfs buffer allocation vs. hardware enablement). The fix ad...

4.7CVSS5.9AI score0.00088EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.19 views

SUSE CVE-2026-46188

In the Linux kernel, the following vulnerability has been resolved: octeonepvf: add NULL check for napibuildskb napibuildskb can return NULL on allocation failure. In octepvfoqprocessrx, the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading t...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a bo leak that occurs when the xedmabufinitobj function fails during allocation in the drm/xe...

5.8AI score0.00117EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-48690

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the...

7.1CVSS6.2AI score0.00116EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/26 12:0 a.m.42 views

CVE-2026-48690

FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the allocatebuffer function computes memorysizeinbytes as 'buffersizeinpackets maxcapturedpacketsize + sizeoffastnetmonpcappkthdrt +...

0.00116EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov. It is based on multiple packet capture engines. Versions of FastNetMon Community Edition prior to 1.2.9 contained a security vulnerability caused by integer overflow during the allocation of packet capture buffers,...

7.1CVSS5.8AI score0.00116EPSS
Exploits0References3
CVE
CVE
added 2026/05/26 12:0 a.m.22 views

CVE-2026-48690

CVE-2026-48690 affects FastNetMon Community Edition up to v1.2.9. The issue is an integer overflow in the packet capture buffer allocation: allocate_buffer() computes memory_size_in_bytes as buffer_size_in_packets * (max_captured_packet_size + sizeof(fastnetmon_pcap_pkthdr_t)) + sizeof(fastnetmon...

7.1CVSS6AI score0.00116EPSS
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Ring Buffer: Check for NULL cpubuffer in ringbufferwakewaiters On some machines, the number of listed CPUs may be larger than the actual CPUs that exist. The tracing subsystem allocates a per-CPU directory with access to the...

5.5CVSS6.3AI score0.00164EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: cx23885 – Fixed a nullptrderef bug in bufferprepare and bufferfinish. When the driver calls cx23885riscbuffer to prepare the buffer, the function call dmaalloccoherent may fail, resulting in an empty buffer risc-cpu. Later...

5.5CVSS5.4AI score0.00151EPSS
Exploits0References2
RustSec
RustSec
added 2026/05/15 12:0 p.m.15 views

Unchecked `CryptoVec` allocation and growth handling

CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In affected russh releases, attacker-controlled input could reach these code paths through buffer resizing operations. Two affected reachability paths were identified: Current russh...

7.5CVSS6.2AI score0.00263EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.19 views

SUSE CVE-2026-42583

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

7.5CVSS5.8AI score0.00429EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/14 7:9 p.m.37 views

CVE-2026-43905 OpenImageIO: JPEG2000 (OpenJPH) signed integer overflow in buffer allocation

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w h ch bufferbpp using signed 32-bit arithmetic. When the product...

7.1CVSS0.00173EPSS
Exploits1References1
CVE
CVE
added 2026/05/14 7:9 p.m.20 views

CVE-2026-43905

OpenImageIO CVE-2026-43905 affects the JPEG2000 path when built with OpenJPH. In jpeg2000input.cpp:395, buffer size is computed as w * h * ch * buffer_bpp using 32-bit signed arithmetic, so when the product exceeds INT_MAX the result wraps to 0 or a small value. This yields an undersized m_buf an...

7.8CVSS6AI score0.00173EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/14 10:27 a.m.52 views

CVE-2026-8295 Integer overflow in simdjson

An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "stringbuilder::escapeandappend" when processing very large input strings on platforms with limited "sizet" width e.g., 32-bit builds. The overflow can cause insufficient buffer...

6.9CVSS0.00279EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40904

An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string builder::escape and append" when processing very large input strings on platforms with limited "size t" width e.g., 32-bit builds. The overflow can cause insufficient buffer...

6.9CVSS5.9AI score0.00279EPSS
Exploits0References3
NVD
NVD
added 2026/05/13 6:16 p.m.18 views

CVE-2026-44004

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust ho...

8.6CVSS0.00424EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/13 5:31 p.m.61 views

CVE-2026-44004 vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust ho...

7.5CVSS0.00424EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/13 5:31 p.m.12 views

CVE-2026-44004 vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust ho...

7.5CVSS6AI score0.00424EPSS
Exploits1References1
CVE
CVE
added 2026/05/13 5:31 p.m.27 views

CVE-2026-44004

CVE-2026-44004 affects vm2, an open‑source VM/sandbox for Node.js. Before version 3.11.0, sandboxed code can call Buffer.alloc() with any size, allocating host-heap memory directly via a synchronous C++ call; vm2’s timeout cannot interrupt such calls. A single request can exhaust memory and crash...

8.6CVSS6AI score0.00424EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder