Lucene search
K

17 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.10 views

Amazon Linux 2 : libpng, --advisory ALAS2-2026-3266 (ALAS-2026-3266)

The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3266 advisory. Use-after-free in pngsetPLTE, pngsettRNS and pngsethIST in libpng before 1.6.57. Passing a pointer returned by the corresponding...

5.1CVSS5.8AI score0.00195EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.15 views

PT-2026-33852

Name of the Vulnerable Software and Affected Versions gnu C Library versions prior to 2.44 Description Calling the ungetwc function on a FILE stream with wide characters encoded in a character set with overlaps between single byte and multi-byte character encodings can lead to an attempt to read...

9.8CVSS5.3AI score0.00451EPSS
Exploits2References35
Tenable Nessus
Tenable Nessus
added 2026/03/01 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005379)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005379 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containin...

5.8CVSS6AI score0.02286EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : php-5.4.16-48.0.5.el7.AXS7 (AXSA:2025-9709:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9709:01 advisory. CVE-2024-8929: fix various heap buffer over-reads CVEs: CVE-2024-8929 In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile...

5.8CVSS6AI score0.02286EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/10/17 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-62493

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in the QuickJS engine's BigInt string conversion logic jsbiginttostring1 due to an incorrect calculation of the required number of digit...

6.5CVSS5.8AI score0.00348EPSS
Exploits1References3
OSV
OSV
added 2025/10/16 4:15 p.m.4 views

UBUNTU-CVE-2025-62493

A vulnerability exists in the QuickJS engine's BigInt string conversion logic jsbiginttostring1 due to an incorrect calculation of the required number of digits, which in turn leads to reading memory past the allocated BigInt structure. The function determines the number of characters ndigits...

6.5CVSS5.8AI score0.00348EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/10/16 12:0 a.m.8 views

PT-2025-42490

Name of the Vulnerable Software and Affected Versions QuickJS affected versions not specified Description An issue exists in the QuickJS engine’s BigInt string conversion logic within the js bigint to string1 function. This is due to an incorrect calculation of the required number of digits,...

6.5CVSS6.1AI score0.00348EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2016-9573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2ktoimage tool. Converting a specially crafted JPEG2000 file to another format could...

8.1CVSS7AI score0.02565EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:17 p.m.6 views

CVE-2020-0143

In nfadmndeffindnexthandler of nfadmndef.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of heap data via compromised device firmware with System execution privileges needed. User interaction is not needed for...

4.4CVSS4.9AI score0.00143EPSS
Exploits0References1
OSV
OSV
added 2025/01/14 7:18 p.m.12 views

BIT-PHP-MIN-2024-8929 Leak partial content of the heap through heap buffer over-read in mysqlnd

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server...

5.8CVSS7.6AI score0.02286EPSS
Exploits1References4
OSV
OSV
added 2024/05/14 3:11 p.m.8 views

AZL-40520 CVE-2024-27282 affecting package ruby for versions less than 3.3.3-1

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1...

6.6CVSS6.9AI score0.00629EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/18 12:0 a.m.5 views

Facebook Hermes 资源管理错误漏洞

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. Facebook Hermes suffers from a...

7.5CVSS7.3AI score0.00644EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/01/22 12:0 a.m.35 views

openSUSE 15 Security Update : stb (openSUSE-SU-2022:0018-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:0018-1 advisory. - An issue was discovered in stb stbimage.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading ...

7.1CVSS7.5AI score0.0136EPSS
Exploits1References4
OSV
OSV
added 2020/02/04 9:15 p.m.4 views

ALPINE-CVE-2019-12528

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes...

7.5CVSS6.5AI score0.10493EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/08/01 6:29 a.m.30 views

CVE-2016-9573

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2ktoimage tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap...

8.1CVSS6.8AI score0.02565EPSS
Exploits1References4
OSV
OSV
added 2018/08/01 6:29 a.m.5 views

DEBIAN-CVE-2016-9573

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2ktoimage tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap...

8.1CVSS7.1AI score0.02565EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2016/12/27 12:0 a.m.6 views

PT-2018-5094 · Openjpeg +4 · Openjpeg +4

Name of the Vulnerable Software and Affected Versions: OpenJPEG version 2.1.2 Description: An out-of-bounds read issue was found in the j2k to image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from t...

9.8CVSS6.8AI score0.08253EPSS
Exploits16References128
Rows per page
Query Builder