CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в faad2

An invalid memory address dereference was discovered in the sbrprocesschannel function of libfaad/sbrdec.c in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. This vulnerability causes a segmentation fault and an application crash, resulting in a denial of service...

5.5CVSS6.7AI score0.01128EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: Fix NULL pointer in skbsegmentlist. The commit 3a1296a38d0c “net: Support GRO/GSO fraglist chaining” introduced a bug where the GRO was processed using a UDP list. The segmentation of data relies on fraglist not being modifi...

5.5CVSS5.7AI score0.00246EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в sqlite3

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 through the idxGetTableInfo function, when a crafted SQL query is executed. NOTE: The vendor disputes the relevance of this report, as the sqlite3.exe user already has full privileges i.e., they are...

7.5CVSS6.8AI score0.03898EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•7 views

Astra Linux - уязвимость в binutils

A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in GNU Binutils 2.32. It is an integer overflow that leads to a segmentation fault in bfddwarf2findnearestline in dwarf2.c, as demonstrated by the nm tool...

6.5CVSS6.8AI score0.02396EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux – Vulnerability in xorg-server, xwayland

A heap-based buffer overflow vulnerability was discovered in the X.org server’s ProcXIPassiveGrabDevice function. This issue occurs when length values that are swapped in bytes are used in responses, potentially leading to memory leakage and segmentation faults, especially when triggered by a...

7.3CVSS7.5AI score0.00513EPSS

OSV•added 2026/05/20 2:16 a.m.•10 views

ALPINE-CVE-2026-43620

Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recvfiles in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CFINCRECURSE in compatibility flags and sending a...

5.5CVSS5.8AI score0.00503EPSS

Exploits0References1

Tenable Nessus•added 2026/05/20 12:0 a.m.•6 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021615)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021615 advisory. In the Linux kernel, the following vulnerability has been resolved: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data In case the non-paged data...

5.5CVSS6AI score0.00245EPSS

Exploits0References3

OSV•added 2026/05/20 12:0 a.m.•9 views

UBUNTU-CVE-2026-43620

6.9CVSS5.8AI score0.00503EPSS

Exploits0References7

Debian CVE•added 2026/05/19 7:3 p.m.•11 views

CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

6.5CVSS5.7AI score0.00301EPSS

Exploits1

Rosalinux•added 2026/05/19 2:20 p.m.•10 views

Advisory ROSA-SA-2026-3281

software: libde265 1.0.18 OS: ROSA-CHROME unaffected versions = libde265-1.0.18-1 affected versions libde265-1.0.18-1 CVE-ID: CVE-2025-61147 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in strukturag libde265 commit d9fea9d is related to a segmentation error in the...

6.2CVSS5.7AI score0.00159EPSS

Exploits1

IBM Security Bulletins•added 2026/05/18 1:36 p.m.•20 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

6.5CVSS7.5AI score0.01663EPSS

Exploits2

OSV•added 2026/05/18 5:52 a.m.•9 views

BIT-POSTGRESQL-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...

8.8CVSS6.2AI score0.004EPSS

SUSE CVE•added 2026/05/16 1:11 a.m.•9 views

SUSE CVE-2026-43996

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decodepixel computes k + palbytespp as unsigned 32-bit arithmetic. When k = 0xFFFFFFFC and palbytespp = 4...

OSV•added 2026/05/14 8:17 p.m.•6 views

Exploits1References3

DEBIAN-CVE-2026-43996

NVD•added 2026/05/14 8:17 p.m.•9 views

Exploits1References1

CVE-2026-43996

5.5CVSS0.00177EPSS

Exploits1References1

OSV•added 2026/05/14 8:17 p.m.•8 views

UBUNTU-CVE-2026-43996

EUVD•added 2026/05/14 7:8 p.m.•10 views

Exploits1References3

EUVD-2026-30417

Debian CVE•added 2026/05/14 7:8 p.m.•10 views

Exploits1References1

CVE-2026-43996

Snyk•added 2026/05/14 3:22 p.m.•12 views

Exploits1

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via integer wraparound in the allocation process. An attacker can execute arbitrary code or cause a segmentation fault by providing specially crafted, large-scale inputs to database functions. Remediation ...

8.8CVSS6.2AI score0.004EPSS