Lucene search
+L

1198 matches found

euvd
euvd
added yesterday3 views

EUVD-2026-44965

HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read. Note that t...

6.1AI score
Exploits0References3
osv
osv
added 2026/07/09 12:54 p.m.3 views

OESA-2026-2958 nmap security update

Nmap "Network Mapper" is a free and open source license utility for network discovery and security \ auditing. It was designed to rapidly scan large networks, but works fine against single hosts. Security Fixes: Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured...

6.9CVSS6.2AI score0.00278EPSS
Exploits0References2
osv
osv
added 2026/07/09 12:53 p.m.3 views

OESA-2026-2932 libidn security update

GNU Libidn is a fully documented implementation of the Stringprep, Punycode and IDNA 2003 specifications. Libidn's purpose is to encode and decode internationalized domain names. Security Fixes: GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs...

4CVSS6.1AI score0.0011EPSS
Exploits1References2
nessus
nessus
added 2026/07/09 12:0 a.m.10 views

AlmaLinux 9 : gstreamer1-plugins-ugly-free (ALSA-2026:36674)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:36674 advisory. gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer audio stream header parser CVE-2026-53703 gstreamer1-plugins-ugly-free:...

7.1CVSS6.2AI score0.00228EPSS
Exploits0References4
osv
osv
added 2026/07/05 6:50 p.m.2 views

OPENSUSE-SU-2026:21239-1 Security update for python-msgpack

This update for python-msgpack fixes the following issue - CVE-2026-57585: reusing an Unpacker instance after an error has been caught can lead to an out-of-bounds read bsc1269947...

7.5CVSS6AI score0.00278EPSS
Exploits0References2
susecve
susecve
added 2026/07/05 1:58 a.m.6 views

SUSE CVE-2026-53360

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change PSC requests rely...

6AI score0.00267EPSS
Exploits0References4
nvd
nvd
added 2026/07/04 12:17 p.m.9 views

CVE-2026-53360

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change PSC requests rely...

0.00267EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/26 7:34 a.m.6 views

CVE-2026-53138

A flaw was found in the Linux kernel's AMD display drm/amd/display driver. A malformed VBIOS image can cause unbounded processing loops, leading to an out-of-bounds read. This could result in information disclosure or a system crash...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/25 11:54 p.m.7 views

CVE-2026-53224

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. Specifically, improper validation of embedded INIT chunk and address list lengths in SCTP cookies could allow a remote attacker to trigger out-of-bounds reads. This could lead to information disclosur...

9.1CVSS5.9AI score0.00547EPSS
Exploits0References4
nvd
nvd
added 2026/06/25 2:16 p.m.9 views

CVE-2026-4526

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS0.00249EPSS
Exploits0References2
nvd
nvd
added 2026/06/25 2:16 p.m.7 views

CVE-2026-47154

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observe...

7.1CVSS0.00249EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/25 1:43 p.m.34 views

CVE-2026-47154 Simple Metering GetProfileResponse interval-bounds bug in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observe...

7.1CVSS0.00249EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/25 1:32 p.m.35 views

CVE-2026-4526 Global ZCL command parser missing minimum-length validation in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS0.00249EPSS
Exploits0References2
cve
cve
added 2026/06/25 1:32 p.m.18 views

CVE-2026-4526

EmberZNet v9.0.2 and earlier has a vulnerability in the global ZCL command parser due to missing minimum-length validation, which can cause out-of-bounds reads in the framework parsing logic and terminate the process. The issue requires messages to originate from a device that has already joined ...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53147

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...

8.1CVSS0.00283EPSS
Exploits0References6
astralinux
astralinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Squid

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid was vulnerable to out-of-bound reads when handling ICP traffic. This issue allowed a remote attacker to access small amounts of memory that might contain sensitive information, by responding with...

6.9CVSS7AI score0.01039EPSS
Exploits0References3
nessus
nessus
added 2026/06/24 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-10645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Zephyr ext2 filesystem driver subsys/fs/ext2 trusted the on-disk directory entry fields dereclen and denamelen when walking a directory block...

5.5CVSS6.1AI score0.0011EPSS
Exploits1References2
cvelist
cvelist
added 2026/06/22 9:19 p.m.26 views

CVE-2026-48109 MessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4BlockArray. The decoder implementation is based on a deprecated fast-decompression algorithm that do...

8.2CVSS0.00296EPSS
Exploits0References1
mageia
mageia
added 2026/06/18 9:28 p.m.10 views

Updated opensc packages fix security vulnerabilities

CVE-2025-66038 Memory corruption via improper compact-TLV length validation CVE-2025-66215 Stack-buffer-overflow with physical access via crafted smart card or USB device CVE-2025-49010 Stack-buffer-overflow via crafted smart card or USB device responses CVE-2025-66037 Out-of-bounds read via...

6.8CVSS5.2AI score0.00282EPSS
Exploits2References3
redhat
redhat
added 2026/06/17 1:20 a.m.8 views

kernel: netfilter: xt_tcpmss: check remaining length before reading optlen

A flaw was found in the Linux kernel, specifically within the netfilter: xttcpmss module. A remote attacker could exploit this vulnerability by sending a specially crafted TCP packet. The TCP option parser does not properly validate the remaining option length, which results in an out-of-bounds...

8.2CVSS5.5AI score0.00463EPSS
Exploits0References5
Rows per page
Query Builder