Lucene search
K

206 matches found

EUVD
EUVD
added 2026/04/22 9:31 a.m.6 views

EUVD-2026-24628

Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...

6.6CVSS5.7AI score0.00102EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/22 7:55 a.m.7 views

kernel: net/sched: cls_u32: use skb_header_pointer_careful()

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsu32: use skbheaderpointercareful skbheaderpointer does not fully validate negative @offset values. Use skbheaderpointercareful instead. GangMin Kim provided a report and a repro fooling u32classify: BUG: KASAN:...

7.1CVSS5.6AI score0.00117EPSS
Exploits0References5
CVE
CVE
added 2026/04/22 6:7 a.m.12 views

CVE-2026-6839

The vulnerability CVE-2026-6839 affects Samsung ONE (Open Source ONE). Root cause: improper validation of STRING tensor offsets during constant tensor import, which can trigger out-of-bounds access. Affected versions are prior to commit 1.30.0. Impact described by CVSS: LOCAL attacker with low at...

6.6CVSS5.7AI score0.00102EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/22 12:32 a.m.18 views

kernel: net/sched: cls_u32: use skb_header_pointer_careful()

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsu32: use skbheaderpointercareful skbheaderpointer does not fully validate negative @offset values. Use skbheaderpointercareful instead. GangMin Kim provided a report and a repro fooling u32classify: BUG: KASAN:...

7.1CVSS5.6AI score0.00117EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.10 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011252)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011252 advisory. In the Linux kernel, the following vulnerability has been resolved: amdgpu: validate offsetinbo of drmamdgpugemva This is motivated by OOB access in...

5.8AI score0.00171EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/17 11:19 p.m.9 views

CVE-2026-40335

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackDPV in camlibs/ptp2/ptp-pack.c lines 622–629. The UINT128 and INT128 cases advance offset += 16 without verifying that 16 bytes remain in the buffer. The entry check at li...

5.2CVSS5.7AI score0.00198EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/14 12:42 a.m.14 views

CLEANSTART-2026-WA14162 Delete function fails to properly validate offsets when processing malformed JSON input

Multiple security vulnerabilities affect the prometheus package. The Delete function fails to properly validate offsets when processing malformed JSON input. See references for individual vulnerability details...

9.8CVSS6.7AI score0.01557EPSS
Exploits3References21
OSV
OSV
added 2026/04/10 12:45 a.m.8 views

CLEANSTART-2026-JY63371 Delete function fails to properly validate offsets when processing malformed JSON input

Multiple security vulnerabilities affect the prometheus package. The Delete function fails to properly validate offsets when processing malformed JSON input. See references for individual vulnerability details...

9.8CVSS7.1AI score0.01557EPSS
Exploits3References21
SUSE CVE
SUSE CVE
added 2026/03/28 12:27 a.m.11 views

SUSE CVE-2026-32285

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

5.5CVSS5.9AI score0.0075EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/03/26 8:16 p.m.10 views

CVE-2026-32285

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

7.5CVSS6.3AI score0.0075EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/26 7:40 p.m.33 views

CVE-2026-32285 Denial of service in github.com/buger/jsonparser

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

0.0075EPSS
Exploits1References3
CVE
CVE
added 2026/03/26 7:40 p.m.46 views

CVE-2026-32285

The CVE-2026-32285 vulnerability involves the Delete function failing to validate offsets when processing malformed JSON, which can cause a negative slice index and a runtime panic, enabling a denial-of-service. Connected advisories confirm this CVE with affected packages including rclone and cri...

7.5CVSS5.8AI score0.0075EPSS
Exploits1References20Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:40 p.m.4 views

CVE-2026-32285

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

7.5CVSS5.8AI score0.0075EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/26 7:40 p.m.5 views

EUVD-2026-16345

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

5.8AI score0.0075EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/03/26 7:40 p.m.2 views

CVE-2026-32285

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

7.5CVSS6AI score0.0075EPSS
Exploits1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.7 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the failure to correctly validate offsets when processing JSON inputs with formattin...

7.5CVSS6.4AI score0.0075EPSS
Exploits1References3
NVD
NVD
added 2026/03/20 1:15 a.m.3 views

CVE-2026-32829

lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

8.2CVSS0.00608EPSS
Exploits0References10
OSV
OSV
added 2026/03/20 12:49 a.m.4 views

CVE-2026-32829 lz4_flex: Decompression can leak information from uninitialized memory or reused output buffer

lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

8.2CVSS5.8AI score0.00608EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/03/20 12:49 a.m.23 views

CVE-2026-32829 lz4_flex: Decompression can leak information from uninitialized memory or reused output buffer

lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

8.2CVSS0.00608EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/20 12:49 a.m.5 views

EUVD-2026-13426

lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

8.2CVSS5.7AI score0.00608EPSS
Exploits0References3
Rows per page
Query Builder