Lucene search
K

13 matches found

Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-57295

Name of the Vulnerable Software and Affected Versions FreeRDP versions 3.21.0 through 3.27.0 Description FreeRDP clients using the GFX pipeline contain an incomplete fix in the planar decompress plane rle only function within libfreerdp/codec/planar.c. This allows a malicious RDP server to send a...

9.8CVSS6.1AI score0.00698EPSS
Exploits3References13
Ubuntu
Ubuntu
added 2026/05/26 8:39 p.m.19 views

USN-7972-2: OpenCC vulnerability

USN-7972-1 fixed a vulnerability in OpenCC. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that OpenCC incorrectly handled truncated UTF-8 input. An attacker could possibly use this issue to cause OpenCC to...

5.5CVSS6.1AI score0.0023EPSS
Exploits1
OSV
OSV
added 2026/03/29 3:27 p.m.4 views

GHSA-7FQQ-Q52P-2JJG OpenCC has an Out-of-bounds read when processing truncated UTF-8 input

Summary OpenCC versions before 1.2.0 contain two CWE-125: Out-of-bounds Read issues caused by length validation failures in UTF-8 processing. When handling malformed or truncated UTF-8 input, OpenCC trusted derived length values without enforcing the invariant that processed length must not excee...

6.5CVSS6AI score
Exploits0References5
Cvelist
Cvelist
added 2026/03/26 7:40 p.m.33 views

CVE-2026-32284 Denial of service in github.com/shamaton/msgpack

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

0.00405EPSS
Exploits1References3
OSV
OSV
added 2026/03/26 7:40 p.m.2 views

CVE-2026-32284 Denial of service in github.com/shamaton/msgpack

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

7.5CVSS6.6AI score0.00405EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/01/23 12:0 a.m.6 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : OpenCC vulnerability (USN-7972-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7972-1 advisory. It was discovered that OpenCC incorrectly handled truncated UTF-8 input. An attacker could possibly use this issue to cause OpenCC to crash,...

5.5CVSS5.8AI score0.0023EPSS
Exploits1References2
OSV
OSV
added 2026/01/21 5:35 p.m.6 views

USN-7972-1 opencc vulnerability

It was discovered that OpenCC incorrectly handled truncated UTF-8 input. An attacker could possibly use this issue to cause OpenCC to crash, resulting in a denial of service...

5.5CVSS5.8AI score0.0023EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/07/06 12:10 a.m.9 views

CVE-2025-49601

A flaw was found in mbedtls. The mbedtlslmsimportpublickey function fails to validate input buffer size before reading a 32-bit field, potentially leading to an out-of-bounds read when processing truncated input. This flaw allows a network-based attacker to trigger this condition by providing a...

6.5CVSS6.3AI score0.00259EPSS
Exploits0References2
NVD
NVD
added 2025/07/04 3:15 p.m.15 views

CVE-2025-49601

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtlslmsimportpublickey allows context-dependent...

6.5CVSS0.00259EPSS
Exploits0References1
OSV
OSV
added 2025/07/04 3:15 p.m.5 views

ALPINE-CVE-2025-49601

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtlslmsimportpublickey allows context-dependent...

6.5CVSS6.8AI score0.00259EPSS
Exploits0References1
CVE
CVE
added 2025/07/04 12:0 a.m.40 views

CVE-2025-49601

CVE-2025-49601 affects MbedTLS 3.3.0 through 3.6.3 (fixed in 3.6.4). The issue is in mbedtls_lms_import_public_key, which reads a 4-byte type indicator before validating the input size. If the input LMS public-key buffer is truncated to fewer than four bytes, this allows an out-of-bounds read, po...

6.5CVSS6.5AI score0.00259EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/07/04 12:0 a.m.15 views

CVE-2025-49601

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtlslmsimportpublickey allows context-dependent...

4.8CVSS0.00259EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/07/04 12:0 a.m.3 views

CVE-2025-49601

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtlslmsimportpublickey allows context-dependent...

6.5CVSS6.5AI score0.00259EPSS
Exploits0
Rows per page
Query Builder