Lucene search
+L

274 matches found

OSV
OSV
added 3 days ago3 views

CVE-2026-49854 Tornado: Out-of-bounds memory access in C extension

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocketmask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided...

5.3CVSS6.1AI score0.0045EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-10669 Xtensa MPU `arch_buffer_validate()` integer-overflow lets a user thread bypass syscall pointer validation

On Xtensa SoCs built with CONFIGXTENSAMPU and CONFIGUSERSPACE, archbuffervalidate in arch/xtensa/core/mpu.c — the architecture hook that verifies a user-mode-supplied buffer is accessible to the calling user thread with the requested permission — defaulted its return value to 0 access permitted a...

7.8CVSS6.1AI score0.00114EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-10669 Xtensa MPU `arch_buffer_validate()` integer-overflow lets a user thread bypass syscall pointer validation

On Xtensa SoCs built with CONFIGXTENSAMPU and CONFIGUSERSPACE, archbuffervalidate in arch/xtensa/core/mpu.c — the architecture hook that verifies a user-mode-supplied buffer is accessible to the calling user thread with the requested permission — defaulted its return value to 0 access permitted a...

7.8CVSS6.1AI score0.00114EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/06 8:9 p.m.33 views

CVE-2026-21368 Out-of-bounds Write in Camera Driver

Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks...

5.3CVSS0.0006EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.13 views

PT-2026-55988

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when parsing jpeg commands. This is caused by unaccounted extra writes to the buffer during validation checks. Recommendations At the...

5.3CVSS6.1AI score0.0006EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Buffer validation was corrected by including the size of the null-terminating character in the EA length. The smb2setea function, which handles Extended Attributes EA, conducted buffer validation checks that incorrectly...

5.8AI score0.00168EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/18 8:18 p.m.7 views

CVE-2025-15661

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

8.3CVSS6AI score0.00267EPSS
Exploits0
EUVD
EUVD
added 2026/06/09 6:30 p.m.16 views

EUVD-2026-35462

Insufficient input validation of buffers vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

6.8CVSS5.4AI score0.00323EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

Morse Micro HaLowLink 安全漏洞

Morse Micro HaLowLink is a series of long-range wireless gateway devices developed by Morse Micro Corporation. Versions of Morse Micro HaLowLink prior to 2.2.11.13 contained security vulnerabilities. These vulnerabilities stemmed from the use of the IE length field as the size parameter for the...

9.8CVSS6.2AI score0.00567EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-46140

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes a...

7.1CVSS6AI score0.00131EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/28 12:59 p.m.12 views

CVE-2026-46234

A flaw was found in the Linux kernel's vsock component. This vulnerability stems from an incorrect order in which buffer sizes are validated, allowing a local user to set a minimum buffer size larger than the maximum. This can cause the socket's memory to exceed its defined boundaries, potentiall...

7.8CVSS5.9AI score0.00129EPSS
Exploits0References4
OSV
OSV
added 2026/05/27 12:56 p.m.3 views

CVE-2026-46016 remoteproc: xlnx: Only access buffer information if IPI is buffered

In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing...

5.5CVSS6AI score0.00122EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/22 12:0 a.m.9 views

CVE-2026-42627

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...

6AI score0.00132EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.14 views

Arm NN 安全漏洞

Arm NN is an open-source machine learning inference engine optimized for the Arm architecture, developed by Arm Software. Versions of Arm NN prior to 2026-03-27 contained a security vulnerability. This vulnerability stemmed from integer overflow in the TensorShape::GetNumElements function, which...

6.2CVSS6AI score0.00132EPSS
Exploits0References3
CVE
CVE
added 2026/05/21 12:12 p.m.25 views

CVE-2026-43495

CVE-2026-43495 concerns the Linux kernel net/wwan/t7xx subsystem. The issue arises in t7xx_port_enum_msg_handler, which uses a modem-provided port_count to loop over port_msg->data[] without ensuring the message buffer is long enough, enabling a potential slab-out-of-bounds read when port_coun...

8.8CVSS5.9AI score0.00272EPSS
Exploits0References7Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The validation of the request buffer size was added in smb2allocaterspbuf. The response buffer should be allocated in smb2allocaterspbuf before validation of the request. However, fields within the payload as well as the...

7.8CVSS6AI score0.00234EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath11k: Fixed corruption of SKBs in the REO destination ring. While running traffic for a long time, a random RX descriptor filled with the value “0” from the REO destination ring is received. This invalid descriptor...

5.5CVSS6.2AI score0.00145EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 10:16 p.m.17 views

CVE-2024-36343

Improper input validation in the System Management Mode SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment TSEG memory region, potentially resulting in loss of confidentiality or integrity...

4.6CVSS0.00186EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 9:3 p.m.37 views

CVE-2024-36343

Improper input validation in the System Management Mode SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment TSEG memory region, potentially resulting in loss of confidentiality or integrity...

4.6CVSS0.00186EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2026/05/12 12:0 a.m.14 views

Apple macOS CoreSymbolication Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreSymbolication framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists...

3.3CVSS5.1AI score0.00487EPSS
Exploits0References1
Rows per page
Query Builder