Lucene search
+L

300 matches found

redhat
redhat
added 3 days ago4 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

7.8CVSS6.2AI score0.00157EPSS
Exploits0References7
cvelist
cvelist
added 6 days ago33 views

CVE-2026-55782 NanaZip: Unbounded memory allocation (DoS) in NanaZip WebAssembly parser via attacker-controlled section/name length fields

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit section and custom-name length fields without validating them against...

2.4CVSS0.00113EPSS
Exploits0References5
cve
cve
added 6 days ago9 views

CVE-2026-55782

NanaZip (a 7-Zip derivative) is affected by an unbounded memory allocation vulnerability in its WebAssembly archive handler (NanaZip.Codecs.Archive.WebAssembly.cpp). The issue arises when buffers are allocated from attacker-controlled 32-bit section and custom-name length fields without cross-che...

2.4CVSS6.1AI score0.00113EPSS
Exploits0References5
osv
osv
added 6 days ago3 views

CVE-2026-55782 NanaZip: Unbounded memory allocation (DoS) in NanaZip WebAssembly parser via attacker-controlled section/name length fields

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit section and custom-name length fields without validating them against...

2.4CVSS6.1AI score0.00113EPSS
Exploits0References7
redhat
redhat
added 2026/07/07 6:28 a.m.4 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

7.8CVSS6.2AI score0.00157EPSS
Exploits0References7
redhat
redhat
added 2026/07/07 6:9 a.m.4 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

7.8CVSS6.2AI score0.00157EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/07/01 3:33 a.m.8 views

CVE-2026-7831 UltraVNC viewer off-by-one stack overflow in ServerInit desktop name parsing

UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 the code declares a 2024-byte stack buffer dn2024 and calls ReadStringdn, 2024. ReadString...

7.6CVSS6.1AI score0.00525EPSS
Exploits0References3
euvd
euvd
added 2026/07/01 3:33 a.m.8 views

EUVD-2026-40883

UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 the code declares a 2024-byte stack buffer dn2024 and calls ReadStringdn, 2024. ReadString...

7.6CVSS6.1AI score0.00525EPSS
Exploits0References2
cve
cve
added 2026/07/01 3:33 a.m.21 views

CVE-2026-7831

UltraVNC viewer

7.6CVSS6.1AI score0.00525EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.14 views

PT-2026-54487

Name of the Vulnerable Software and Affected Versions UltraVNC viewer versions prior to 1.8.2.3 Description An off-by-one stack buffer overflow exists in the RFB ServerInit message handler within the vncviewer/ClientConnection.cpp file. When a server-supplied nameLength is exactly 2024, the...

7.6CVSS6.2AI score0.00525EPSS
Exploits0References8
osv
osv
added 2026/06/30 11:39 p.m.5 views

BIT-ENVOY-2026-48497 Envoy: Abnormal process termination in DNS UDP filter

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References2
nvd
nvd
added 2026/06/26 6:16 p.m.7 views

CVE-2026-48497

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long...

7.5CVSS0.00405EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/26 5:32 p.m.36 views

CVE-2026-48497 Envoy: Abnormal process termination in DNS UDP filter

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long...

5.9CVSS0.00405EPSS
Exploits0References1
euvd
euvd
added 2026/06/26 5:32 p.m.9 views

EUVD-2026-39821

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long...

5.9CVSS5.8AI score0.00405EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/26 5:32 p.m.8 views

CVE-2026-48497

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long...

5.9CVSS5.8AI score0.00405EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/26 5:32 p.m.4 views

CVE-2026-48497 Envoy: Abnormal process termination in DNS UDP filter

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long...

5.9CVSS6AI score0.00405EPSS
Exploits0References3
cve
cve
added 2026/06/26 5:32 p.m.27 views

CVE-2026-48497

CVE-2026-48497 affects Envoy and relates to the UDP DNS filter. Before versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a query with a DNS name of exactly 255 octets (local or remote resolution) can trigger abnormal process termination due to an invalid runtime precondition that the name must be str...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.11 views

PT-2026-52890

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description An issue exists in the UDP DNS filter when configured with local or remote resolution for names exactly 25...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References19
osv
osv
added 2026/06/25 5:17 p.m.3 views

DEBIAN-CVE-2026-56123

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...

9.8CVSS6AI score0.00308EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/25 3:43 p.m.5 views

CVE-2026-56123

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...

9.8CVSS6AI score0.00308EPSS
Exploits0
Rows per page
Query Builder