Lucene search
K

3513 matches found

CVE
CVE
added yesterday13 views

CVE-2026-14612

The CVE concerns FreeIPA’s ipa-otpd daemon, specifically the OAuth2 device authorization handler. Two off-by-one errors can trigger out-of-bounds memory access when handling an oversized response from a configured external OAuth2/OIDC Identity Provider. Exploitation requires FreeIPA to be configu...

4.2CVSS6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2 days ago2 views

DEBIAN-CVE-2026-12413

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemblev2incomingfragments would ignore unknown outer payloads but still store these in a fixed size array msgdigest.digestPAYLIMIT...

7.5CVSS6.6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-12413

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemblev2incomingfragments would ignore unknown outer payloads but still store these in a fixed size array msgdigest.digestPAYLIMIT...

7.5CVSS6.4AI score
Exploits0References3Affected Software1
CVE
CVE
added 2 days ago10 views

CVE-2026-12413

The CVE-2026-12413 issue affects Libreswan’s pluto daemon and is triggered by an invalidly formatted IKEv2 fragment. The root cause is an off-by-one error in the assertion within reassemble_v2_incoming_fragments(), which can cause the daemon to abort when handling certain outer payloads that are ...

7.5CVSS6.4AI score
Exploits0References2
NVD
NVD
added 3 days ago11 views

CVE-2026-7831

UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 the code declares a 2024-byte stack buffer dn2024 and calls ReadStringdn, 2024. ReadString...

7.6CVSS0.00416EPSS
Exploits0References2
NVD
NVD
added 3 days ago9 views

CVE-2026-44042

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wiuudecode function checks whether the input length exceeds the output buffer with a strict greater-than comparison , while the...

3.7CVSS0.00313EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-40883

UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 the code declares a 2024-byte stack buffer dn2024 and calls ReadStringdn, 2024. ReadString...

7.6CVSS6.1AI score0.00416EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-44042 UltraVNC repeater wi_uudecode off-by-one in base64 decode boundary check

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wiuudecode function checks whether the input length exceeds the output buffer with a strict greater-than comparison , while the...

3.7CVSS0.00313EPSS
Exploits0References2
CVE
CVE
added 3 days ago5 views

CVE-2026-44042

UltraVNC repeater up to version 1.8.2.2 contains an off-by-one bug in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, wi_uudecode() uses a strict > check to ensure output fits the buffer, but the correct condition is >=. When strlen(authdata) ...

3.7CVSS6AI score0.00313EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-40877

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wiuudecode function checks whether the input length exceeds the output buffer with a strict greater-than comparison , while the...

3.7CVSS6AI score0.00313EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-40445

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations...

4.8CVSS6AI score0.00128EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-56361

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations...

7.1CVSS0.00128EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago27 views

CVE-2026-56361 ImageMagick - Heap Buffer Overflow via Off-by-One in Morphology Processing

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations...

4.8CVSS0.00128EPSS
Exploits0References2
CVE
CVE
added 4 days ago6 views

CVE-2026-56361

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation that allows out-of-bounds heap buffer reads. The vulnerability can be triggered by incorrect morphology parameters, causing heap buffer overflow and single-pixel memory access violations. Documented across multiple ...

7.1CVSS6AI score0.00128EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 4 days ago4 views

CVE-2026-56361

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations...

7.1CVSS6AI score0.00128EPSS
Exploits0
NVD
NVD
added 4 days ago9 views

CVE-2026-58014

A flaw was found in GLib. An off-by-one error can occur in the gkeyfilegetlocalestringlist function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundar...

8.6CVSS0.00293EPSS
Exploits1References3
OSV
OSV
added 4 days ago3 views

UBUNTU-CVE-2026-58010

A flaw was found in GLib. An off-by-one error can occur in the gvstupleisnormal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses instead of =, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information...

8.2CVSS5.7AI score0.00322EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-58014

A flaw was found in GLib. An off-by-one error can occur in the gkeyfilegetlocalestringlist function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundar...

7.3CVSS5.8AI score0.00293EPSS
Exploits1References4
CVE
CVE
added 4 days ago7 views

CVE-2026-58014

GLib contains an off-by-one flaw in g_key_file_get_locale_string_list (gkeyfile.c) that triggers when loading a key file with an empty value. The issue allows an out-of-bounds access of one byte and can cause denial of service if the access crosses a page boundary. Affected component is GLib’s ke...

8.6CVSS5.8AI score0.00293EPSS
Exploits1References3Affected Software2
Rows per page
Query Builder