Lucene search
+L

3081 matches found

Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.18 views

PT-2026-52587

Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.9.1 Description A heap buffer overflow occurs in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The issue stems from an integer truncation when calculating the length of the ACK...

8.8CVSS6AI score0.00385EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52298

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the accel/ivpu component where firmware-supplied data size is cast to a signed integer before being processed by the min t function. When large unsigned values greater...

7.8CVSS6.1AI score0.00153EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-53015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: unify lcn as u64 for 32-bit platforms As sashiko reported 1, lcn was typed as unsigned long or unsigned int sometimes, which is only 32 bits wide on 32-b...

5.5CVSS5.3AI score0.00122EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52229

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA/umem component where the linearization of mapping when using an iommu can result in a single large block split across multiple SG entries. The function rdma...

9.8CVSS6AI score0.0053EPSS
Exploits0References402
CVE
CVE
added 2026/06/24 9:30 p.m.26 views

CVE-2026-53765

CVE-2026-53765 / GHSA-3PVJ-JV98-QHJQ affects chrome-devtools-mcp (Chrome DevTools for agents). The vulnerability occurs when the daemon writes its PID file to a deterministic runtime path under /tmp on POSIX systems (macOS or Linux with XDG_RUNTIME_DIR unset). The code uses fs.writeFileSync() wit...

6.1CVSS5.9AI score0.00077EPSS
Exploits1References1Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fixed a potential buffer overflow in i2chidgetreport i2chidxfer is used to read recvlen + sizeofle16 bytes of data into ihid-rawbuf. The former can originate from the user space of the hidraw driver and is bounded b...

7.8CVSS6AI score0.00142EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: f2fs: a fix was made to avoid potential deadlocks. As reported by Jiaming Zhang and syzbot, there is a potential deadlock in f2fs as follows: A chain exists of: &sbi-cprwsem → fsreclaim → sbinternal2 Possible unsafe locking...

5.8AI score0.00168EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Avoid truncating memory addresses. On 32-bit machines with CONFIGARMLPAE, it is possible for lowmem allocations to be backed by addresses located physically beyond the 32-bit address limit. This issue was...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.12 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: mm, shmem: preventing infinite loops in truncate race conditions. When truncating a large swap entry, shmemfreeswap returns 0 when the entry’s index does not match the given index due to lookup alignment issues. The failure...

5.7AI score0.00166EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: rxrpc: Fixed the data-race warning and potential load/store tearing issues. Fixed the following issue: BUG: KCSAN: A data-race occurred in rxrpcpeerkeepaliveworker and rxrpcsenddatapacket. This issue relates to reads and write...

4.7CVSS5.9AI score0.00086EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 9:59 p.m.6 views

GHSA-R6FJ-869H-4F6Q OHttpVersionChunkDraft: Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation

The codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversary the OHTTP relay itself, or any MITM on the relay↔gateway or relay↔client transport can forward a...

8.7CVSS5.9AI score0.00167EPSS
Exploits0References4
CVE
CVE
added 2026/06/22 11:54 p.m.28 views

CVE-2026-10651

The CVE-2026-10651 affects Zephyr’s Bluetooth Classic SDP parser (subsys/bluetooth/host/classic/sdp.c) where bt_sdp_parse_attribute() reads a 3-byte attribute (1-byte type, 2-byte id) but then unconditionally pulls an extra value type byte without verifying remaining length. A truncated 3-byte at...

7.1CVSS6.1AI score0.00183EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 9:55 p.m.43 views

CVE-2026-53923 vLLM GGUF Kernels: int64_t to int truncation of tensor dimensions causes GPU buffer overflow

vLLM is an inference and serving engine for large language models LLMs. From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels csrc/quantization/gguf/ggufkernel.cu causes partial tensor processing. The output tensor is allocated at full size via...

5.3CVSS0.00281EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 9:55 p.m.20 views

CVE-2026-53923

Summary of CVE-2026-53923 : The vulnerability affects vLLM (GGUF dequantize kernels) where integer truncation of tensor dimensions causes partially filled output tensors. From 0.5.5 up to 0.23.1rc0, the code allocates the full output tensor (torch::empty) but the CUDA kernel processes only a trun...

7.5CVSS5.8AI score0.00281EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/22 9:55 p.m.4 views

CVE-2026-53923 vLLM GGUF Kernels: int64_t to int truncation of tensor dimensions causes GPU buffer overflow

vLLM is an inference and serving engine for large language models LLMs. From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels csrc/quantization/gguf/ggufkernel.cu causes partial tensor processing. The output tensor is allocated at full size via...

5.3CVSS5.9AI score0.00281EPSS
Exploits0References5
NVD
NVD
added 2026/06/22 6:16 p.m.16 views

CVE-2026-54289

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS0.00114EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux

The bpf verifier in the Linux kernel failed to properly handle truncation of the mod32 destination register when the source register was known to be 0. A local attacker who had the ability to load bpf programs could exploit this vulnerability by performing out-of-bounds reads in kernel memory,...

7.8CVSS6.8AI score0.0061EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 9:28 p.m.8 views

MGASA-2026-0223 Updated libupnp packages fix security vulnerability

Port truncation via atoi cast in parseuri allows SSRF port confusion. CVE-2026-41682...

6.9CVSS5.2AI score0.00346EPSS
Exploits0References4
Mageia
Mageia
added 2026/06/18 9:28 p.m.17 views

Updated libupnp packages fix security vulnerability

Port truncation via atoi cast in parseuri allows SSRF port confusion. CVE-2026-41682...

6.9CVSS5.2AI score0.00346EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/17 2:3 p.m.16 views

vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving

Summary Integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels csrc/quantization/gguf/ggufkernel.cu causes partial tensor processing. The output tensor is allocated at full size via torch::empty uninitialized memory, but the dequantize CUDA kernel processes only a truncated...

7.5CVSS5.6AI score0.00281EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder