2961 matches found
CVE-2026-1678
dnsunpackname caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled default, a malicious DNS response can trigger an out-of-bounds wri...
CVE-2026-1678 dns: memory‑safety issue in the DNS name parser
dnsunpackname caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled default, a malicious DNS response can trigger an out-of-bounds wri...
EUVD-2026-9792
dnsunpackname caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled default, a malicious DNS response can trigger an out-of-bounds wri...
CVE-2026-1678
CVE-2026-1678 affects Zephyr’s DNS name parser. The function dns_unpack_name() caches the buffer tailroom and reuses it when appending DNS labels; as the buffer grows, the cached size can become incorrect, allowing the final null terminator to be written past the buffer. With assertions disabled ...
CVE-2026-1678
dnsunpackname caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled default, a malicious DNS response can trigger an out-of-bounds wri...
CVE-2026-29125 IDC SFX2100 Satellite Receiver allows unprivileged modification of DNS configuration due to world-writable `/etc/resolv.conf`
IDC SFX2100 Satalite Recievers set the /etc/resolv.conf file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service...
Zephyr 安全漏洞
Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. Versions of Zephyr prior to 4.3.0 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the tail space in the buffer used by the dnsunpackname function, which could lead...
International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞
The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device developed by the International Datacasting company. The SFX2100 SuperFlex Satellite Receiver has security vulnerabilities; these vulnerabilities stem from the...
Eclipse Jetty 输入验证错误漏洞
Eclipse Jetty is an open-source Java-based web server and Java Servlet container developed by the Eclipse Foundation. Eclipse Jetty has a vulnerability related to input validation, which stems from differences between the URI resolver and other common resolvers. This vulnerability may lead to...
PT-2026-23121
Name of the Vulnerable Software and Affected Versions IDC SFX2100 Satellite Receiver affected versions not specified Description The device sets the /etc/resolv.conf file to be world-writable, allowing any local user to modify DNS configuration. This can lead to DNS resolver tampering, potentiall...
PT-2026-23408
Name of the Vulnerable Software and Affected Versions Zephyr RTOS affected versions not specified Description The dns unpack name function in Zephyr RTOS contains a flaw where it caches the buffer tailroom and reuses it when appending DNS labels. As the buffer expands, the cached size becomes...
CVE-2026-0024
In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2026-0024
In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2026-0024
In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2026-0024
In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2026-0024
In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2026-0024
The CVE-2026-0024 issue is in Android’s MediaProvider.java (isRedactionNeededForOpenViaContentResolver). A missing permission check could reveal the location of media, causing local information disclosure with no extra privileges and without user interaction. The connected sources (NVD, Red Hat, ...
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but contain functionality to extract the actua...
ASB-A-444671303
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CLSA-2026-1772114900 glibc: Fix of CVE-2026-0915
CVE-2026-0915: fix leak of stack contents to configured DNS resolver when resolving a zero-valued network via getnetbyaddr/getnetbyaddrr with DNS NSS backend; sanitize network value and avoid passing uninitialized stack data to resolver...