Lucene search
K

1746 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.6 views

Siemens RuggedCom Rox Integer Underflow (Wrap or Wraparound) (CVE-2019-14192)

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a netprocessreceivedpacket integer underflow during an ncinputpacket call. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

9.8CVSS6.8AI score0.02666EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Siemens RuggedCom Rox Out-of-bounds Write (CVE-2019-14193)

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfsreadlinkreply, in the if block after calculating the new path length. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

9.8CVSS6.8AI score0.02403EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.7 views

Siemens RuggedCom Rox Integer Underflow (Wrap or Wraparound) (CVE-2019-13104)

In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy to overwrite a very large amount of data including the whole stack while reading a crafted ext4 filesystem. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mo...

7.8CVSS6.7AI score0.01118EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.6 views

Siemens RuggedCom Rox Out-of-bounds Write (CVE-2019-14195)

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfsreadlinkreply in the else block after calculating the new path length. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

9.8CVSS6.8AI score0.0235EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Siemens RuggedCom Rox Out-of-bounds Write (CVE-2019-14198)

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfsreadreply when calling storeblock in the NFSv3 case. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

9.8CVSS6.8AI score0.0235EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.3 views

Siemens RuggedCom Rox Out-of-bounds Write (CVE-2019-14194)

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfsreadreply when calling storeblock in the NFSv2 case. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

9.8CVSS7.3AI score0.0235EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Siemens RuggedCom Rox Integer Underflow (Wrap or Wraparound) (CVE-2019-14199)

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a netprocessreceivedpacket integer underflow during an udppackethandler call. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...

9.8CVSS6.8AI score0.0235EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 6:16 p.m.13 views

CVE-2026-47223

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. A 32-bit unsigned integer overflow ...

5.4CVSS0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-48944

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. A 32-bit unsigned integer overflow ...

5.4CVSS5.3AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/07 12:8 p.m.14 views

EUVD-2026-34990

Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value taken from the IPv6 fixed header's payload length field by the size of each IPv6 extension header without validating it, so...

8.7CVSS5.6AI score0.00542EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.12 views

CVE-2026-37535

openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac 2021-08-09 contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious...

7.1CVSS5.5AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.13 views

CVE-2026-37532

AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotpcontinuereceive receive.c:87-89, the payloadlength for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8...

7.1CVSS5.7AI score0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 8:31 p.m.12 views

EUVD-2026-34324

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem subsys/net/lib/sockets/socketstls.c. When the TLS session cache is enabled, tlssessionstore and tlssessionrestore memcpy the caller-supplied address into a fixed-size buffer using the...

6.3CVSS6.2AI score0.0032EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/03 3:49 p.m.20 views

EUVD-2026-34115

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistentramsaveold persistentramsaveold can be called multiple times for the same persistentramzone e.g., via ramoopspstoreread - ramoopsgetnextprz for PSTORETYPEDMESG records. Currently, the...

5.9AI score0.00136EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/03 3:49 p.m.7 views

CVE-2026-46253

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistentramsaveold persistentramsaveold can be called multiple times for the same persistentramzone e.g., via ramoopspstoreread - ramoopsgetnextprz for PSTORETYPEDMESG records. Currently, the...

5.9AI score0.00136EPSS
Exploits0References9Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.17 views

SUSE CVE-2026-46145

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

7CVSS5.9AI score0.00142EPSS
Exploits0References7
NVD
NVD
added 2026/05/28 10:16 a.m.14 views

CVE-2026-46145

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

7.8CVSS0.00142EPSS
Exploits0References12
OSV
OSV
added 2026/05/28 10:16 a.m.15 views

UBUNTU-CVE-2026-46145

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/28 9:36 a.m.14 views

EUVD-2026-32772

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

5.9AI score0.00142EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/28 3:54 a.m.13 views

SUSE CVE-2026-45990

In the Linux kernel, the following vulnerability has been resolved: slub: fix data loss and overflow in krealloc Commit 2cd8231796b5 "mm/slub: allow to set node and align in kvrealloc" introduced the ability to force a reallocation if the original object does not satisfy new alignment or NUMA nod...

5.5CVSS6AI score0.00133EPSS
Exploits0References3
Rows per page
Query Builder