Lucene search
K

620 matches found

OSV
OSV
added 2026/06/12 2:10 p.m.2 views

CVE-2026-45416 Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates...

7.5CVSS6.1AI score0.00461EPSS
Exploits0References14
CVE
CVE
added 2026/06/12 2:10 p.m.317 views

CVE-2026-45416

Netty CVE-2026-45416 affects pre-4.1.135.Final and pre-4.2.15.Final versions. In SslClientHelloHandler.decode(), the 24-bit TLS handshake length is read and, if a ClientHello does not fit in the first record, Netty eagerly allocates ctx.alloc().buffer(handshakeLength). If maxClientHelloLength is ...

7.5CVSS5.4AI score0.00461EPSS
Exploits0References12Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2026/06/09 12:0 a.m.24 views

QEMU calc_image_hostmem Integer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of QEMU. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu driver. Th...

8.8CVSS7.7AI score
Exploits0References1
OSV
OSV
added 2026/06/08 5:16 p.m.9 views

UBUNTU-CVE-2026-46305

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: osdep: avoid NULL pointer dereference in rtwcbufalloc The return value of kzallocflex is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access t...

5.5CVSS5.3AI score0.001EPSS
Exploits0References5
CVE
CVE
added 2026/06/08 3:46 p.m.29 views

CVE-2026-46305

CVE-2026-46305 affects the Linux kernel, specifically the staging/rtl8723bs path. The issue arises when kzalloc_flex()’s return value is used without checking for allocation failure, leading to a potential NULL pointer dereference when accessing the allocated structure. The fix guards access to t...

5.5CVSS5.4AI score0.001EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.8 views

CVE-2026-44004

A flaw was found in vm2 before 3.11.0. Sandboxed code can call Buffer.alloc with arbitrary size to allocate on the host heap synchronously; vm2 timeout cannot interrupt the native C++ call, allowing a single request to exhaust host memory and crash the process. Fixed in 3.11.0...

8.6CVSS6AI score0.00424EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/06/03 3:50 p.m.7 views

CVE-2026-46272

In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARNON in tmcetrenablehw is triggered sometimes: WARNING: CPU: 42 PID: 3911571 at...

5.8AI score0.00088EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/03 3:50 p.m.28 views

CVE-2026-46272

The CVE-2026-46272 issue is a race in the Linux kernel CoreSight TMC ETR driver that occurs when sysfs and perf modes are enabled concurrently. A WARN_ON in tmc_etr_enable_hw() can trigger due to a race between the two critical regions (sysfs buffer allocation vs. hardware enablement). The fix ad...

4.7CVSS5.9AI score0.00088EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.19 views

SUSE CVE-2026-46188

In the Linux kernel, the following vulnerability has been resolved: octeonepvf: add NULL check for napibuildskb napibuildskb can return NULL on allocation failure. In octepvfoqprocessrx, the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading t...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a bo leak that occurs when the xedmabufinitobj function fails during allocation in the drm/xe...

5.8AI score0.00117EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-48690

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the...

7.1CVSS6.2AI score0.00116EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/26 12:0 a.m.42 views

CVE-2026-48690

FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the allocatebuffer function computes memorysizeinbytes as 'buffersizeinpackets maxcapturedpacketsize + sizeoffastnetmonpcappkthdrt +...

0.00116EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov. It is based on multiple packet capture engines. Versions of FastNetMon Community Edition prior to 1.2.9 contained a security vulnerability caused by integer overflow during the allocation of packet capture buffers,...

7.1CVSS5.8AI score0.00116EPSS
Exploits0References3
CVE
CVE
added 2026/05/26 12:0 a.m.24 views

CVE-2026-48690

CVE-2026-48690 affects FastNetMon Community Edition up to v1.2.9. The issue is an integer overflow in the packet capture buffer allocation: allocate_buffer() computes memory_size_in_bytes as buffer_size_in_packets * (max_captured_packet_size + sizeof(fastnetmon_pcap_pkthdr_t)) + sizeof(fastnetmon...

7.1CVSS6AI score0.00116EPSS
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Ring Buffer: Check for NULL cpubuffer in ringbufferwakewaiters On some machines, the number of listed CPUs may be larger than the actual CPUs that exist. The tracing subsystem allocates a per-CPU directory with access to the...

5.5CVSS6.3AI score0.00164EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: cx23885 – Fixed a nullptrderef bug in bufferprepare and bufferfinish. When the driver calls cx23885riscbuffer to prepare the buffer, the function call dmaalloccoherent may fail, resulting in an empty buffer risc-cpu. Later...

5.5CVSS5.4AI score0.00151EPSS
Exploits0References2
RustSec
RustSec
added 2026/05/15 12:0 p.m.16 views

Unchecked `CryptoVec` allocation and growth handling

CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In affected russh releases, attacker-controlled input could reach these code paths through buffer resizing operations. Two affected reachability paths were identified: Current russh...

7.5CVSS6.2AI score0.00263EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.19 views

SUSE CVE-2026-42583

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

7.5CVSS5.8AI score0.00429EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/14 7:9 p.m.37 views

CVE-2026-43905 OpenImageIO: JPEG2000 (OpenJPH) signed integer overflow in buffer allocation

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w h ch bufferbpp using signed 32-bit arithmetic. When the product...

7.1CVSS0.00173EPSS
Exploits1References1
CVE
CVE
added 2026/05/14 7:9 p.m.21 views

CVE-2026-43905

OpenImageIO CVE-2026-43905 affects the JPEG2000 path when built with OpenJPH. In jpeg2000input.cpp:395, buffer size is computed as w * h * ch * buffer_bpp using 32-bit signed arithmetic, so when the product exceeds INT_MAX the result wraps to 0 or a small value. This yields an undersized m_buf an...

7.8CVSS6AI score0.00173EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder