Lucene search
K

174 matches found

RedHat Linux
RedHat Linux
added 4 days ago3 views

gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5CVSS6.1AI score0.01263EPSS
Exploits0References4
EUVD
EUVD
added last week11 views

EUVD-2026-37798

PHP Standard Library: HTTP/2 server-side missing content-length validation enables request smuggling...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References4
OSV
OSV
added 2026/06/22 12:8 p.m.2 views

SUSE-SU-2026:2487-1 Security update for rmt-server

This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...

7.5CVSS5.9AI score0.0043EPSS
Exploits0References22
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the QEMU virtual crypto device during handling of data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the values of srclen and dstlen in virtiocryptosymophelper, which may lead to a heap buffer overflow if these values differ...

6.5CVSS6.9AI score0.00234EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fixed the element length in servreglocpfrreqei. The element length declared in servreglocpfrreqei does not match the reason field of servreglocpfrreq. This caused a decoding error during PD crashes...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Dbus

A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where the array length is inconsistent with the size of the element...

6.5CVSS6.7AI score0.0131EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/18 10:13 p.m.4 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the htundoimpl function. An attacker can cause a crash and potentially leak adjacent heap memory by supplying a crafted EXR file with mismatched channel width and buffer length. Remediation Upgrade openexr...

8.3CVSS6.1AI score0.00263EPSS
Exploits1References2
OSV
OSV
added 2026/06/18 9:28 p.m.5 views

MGASA-2026-0226 Updated ruby-rack packages fix security vulnerabilities

CVE-2026-26961 Greedy multipart boundary parsing can cause parser differentials and WAF bypass. Forwarded header semicolon injection enables Host and Scheme spoofing. CVE-2026-34230 Quadratic complexity in Rack::Utils.selectbestencoding via wildcard Accept-Encoding header. CVE-2026-34763 Root...

7.5CVSS5.2AI score0.00475EPSS
Exploits2References14
OSV
OSV
added 2026/06/17 8:17 p.m.3 views

DEBIAN-CVE-2026-54387

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS5.6AI score0.00439EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.12 views

PT-2026-50544

Name of the Vulnerable Software and Affected Versions PHP Standard Library PSL versions 6.1.0 through 6.1.1 PHP Standard Library PSL version 6.2.0 Description The PslH2ServerConnection function does not validate that the total bytes received in DATA frames match the content-length header declared...

7.5CVSS5.9AI score0.00267EPSS
Exploits0References10
Snyk
Snyk
added 2026/06/12 6:30 p.m.5 views

Buffer Over-read

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Buffer Over-read via the websocketmask function in the speedups component. An attacker can trigger a read past the end of the mas...

6.3CVSS5.4AI score0.00027EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/09 8:2 a.m.11 views

Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch

...

7.8CVSS5.4AI score0.00157EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.8 views

CVE-2026-34067

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, HistoryTreeProof::verify panics on a malformed proof where history.len != positions.len due to asserteq!history.len, positions.len. The proof object is derived from untrusted p2...

6.5CVSS5.4AI score0.00318EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:31 a.m.5 views

CVE-2026-50256

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

7.8CVSS5.8AI score0.00157EPSS
Exploits0References11
CVE
CVE
added 2026/06/05 10:31 a.m.41 views

CVE-2026-50256

The CVE affects the X.Org X server and Xwayland. A mismatch between the server and libXfont2 regarding maximum font name length (server-allocated 256-byte stack buffer vs libXfont2 name length up to 1024 bytes) allows a font alias name of 257–1023 bytes to overflow the stack during alias resoluti...

7.8CVSS5.8AI score0.00157EPSS
Exploits0References13Affected Software3
Cvelist
Cvelist
added 2026/06/05 10:31 a.m.48 views

CVE-2026-50256 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

7.8CVSS0.00157EPSS
Exploits0References12
Snyk
Snyk
added 2026/06/03 6:26 p.m.5 views

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the DecodeFromBytes function. An attacker can trigger a nil pointer dereference and panic by supplying a malicious BGP UPDATE message with a declared section length shorter than the actual data...

8.7CVSS5.5AI score0.00279EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.31 views

SUSE CVE-2026-46155

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

7CVSS5.8AI score0.00478EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/28 3:54 a.m.12 views

SUSE CVE-2026-46001

In the Linux kernel, the following vulnerability has been resolved: hwmon: pt5161l Fix bugs in pt5161lreadblockdata Fix two bugs in pt5161lreadblockdata: 1. Buffer overrun: The local buffer rbuf is declared as u8 rbuf24, but i2csmbusreadblockdata can return up to I2CSMBUSBLOCKMAX 32 bytes. The...

5.5CVSS5.9AI score0.00129EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/27 9:22 p.m.14 views

CVE-2026-46001

A flaw was found in the Linux kernel's hwmon pt5161l driver. The pt5161lreadblockdata function is vulnerable to a buffer overrun, where it can receive more data than its allocated buffer size. This can lead to memory corruption. Additionally, the function may return an unexpected positive value o...

7.8CVSS6AI score0.00129EPSS
Exploits0References4
Rows per page
Query Builder