Lucene search
K

4197 matches found

OSV
OSV
added 2026/06/19 7:35 p.m.6 views

GHSA-FM7P-MPRW-WJM9 Oj: intern.c form_attr (uninitialized stack read)

Summary Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. Details In ext/oj/intern.c, formattr handles the...

5.3CVSS6.1AI score0.00197EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.8 views

Oj: intern.c form_attr (uninitialized stack read)

Summary Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. Details In ext/oj/intern.c, formattr handles the...

5.3CVSS6.1AI score0.00197EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux

A vulnerability was discovered in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory...

3.3CVSS6.7AI score0.00308EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k – Avoid referencing uninitialized memory in ath9kwmictrlrx. For the same reasons described in commit b383e8abed41 “Wifi: ath9k – Avoid uninitialized memory reading in ath9khtcrxmsg”, ath9khtcrxmsg should validate the...

6AI score0.00195EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.1 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: New folios are initialized before being used. KMSAN reports an uninitialized value in longestmatchstd, which is called from ntfscompresswrite. When new folios are allocated without being marked as “uptodate”, and...

5.5CVSS5.7AI score0.00155EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: asixmdioread: Fix for uninit-value in asixmdioread. asixreadcmd may read less than sizeofsmsr bytes, and in this case, smsr will be uninitialized. Bug reports: BUG: KMSAN: uninit-value in asixcheckhostenable...

7.1CVSS6.4AI score0.00219EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in vDPA with the VDUSE backend. Currently, there are no checks in the VDUSE kernel driver to ensure that the size of the device configuration space is consistent with the features advertised by the VDUSE user-space application. In the event of a mismatch, the Virtio driver...

6.5CVSS6.6AI score0.00225EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.12 views

Astra Linux – Vulnerability in Qemu

An information disclosure vulnerability was discovered in the virtio vhost-user GPU device vhost-user-gpu of QEMU in versions up to and including 6.0. The flaw resides in the virglcmdgetcapsetinfo function in contrib/vhost-user-gpu/virgl.c, and can occur due to the reading of uninitialized memory...

6.5CVSS6.6AI score0.00421EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Check the length of skb for an unknown CC opcode. In hcicmdCompleteevt, if the command completion event has an unknown opcode, we assume that the first byte of skb-data contains the return status. However, th...

5.7AI score0.00162EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Uninitialized memory in a canvas object could have led to an incorrect free operation, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...

8.8CVSS7.3AI score0.01406EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in glibc

Using wordexp with WRDEREUSE in conjunction with WRDEAPPEND in the GNU C Library, from version 2.0 to version 2.42, may cause the interface to return uninitialized memory in the wewordv member. This could lead to the process being aborted upon subsequent calls to wordfree...

7.5CVSS7.1AI score0.00286EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 9:28 p.m.5 views

MGASA-2026-0224 Updated opensc packages fix security vulnerabilities

CVE-2025-66038 Memory corruption via improper compact-TLV length validation CVE-2025-66215 Stack-buffer-overflow with physical access via crafted smart card or USB device CVE-2025-49010 Stack-buffer-overflow via crafted smart card or USB device responses CVE-2025-66037 Out-of-bounds read via...

6.8CVSS5.3AI score0.00282EPSS
Exploits2References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 1:17 p.m.8 views

Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP9, v8.5.8 BP2 vulnerabilities CVE-2025-54874 (vulnerable), CVE-2025-59375 (vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT v8.5.7 BP9, v8.5.8 BP2 January, 2026 vulnerabilities CVE-2025-54874 vulnerable, CVE-2025-59375 vulnerable in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing Vulnerability Details CVEID:CVE-2025-54874 DESCRIPTION: OpenJPEG is an...

9.8CVSS6.6AI score0.01279EPSS
Exploits2Affected Software1
OSV
OSV
added 2026/06/17 2:3 p.m.5 views

GHSA-5JV2-G5WQ-CMR4 vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving

Summary Integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels csrc/quantization/gguf/ggufkernel.cu causes partial tensor processing. The output tensor is allocated at full size via torch::empty uninitialized memory, but the dequantize CUDA kernel processes only a truncated...

5.3CVSS5.7AI score0.00281EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/14 3:17 p.m.96 views

Exploit for Improper Handling of Length Parameter Inconsistency in Mongodb

CVE-2025-14847-mongobleed CVE-2025-14847 mongobleed python fil...

8.7CVSS6AI score0.83007EPSS
Exploits39
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.12 views

CVE-2026-9754

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

7.1CVSS5.5AI score0.00224EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 12:31 a.m.11 views

EUVD-2026-35853

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

7.1CVSS5.5AI score0.00224EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 10:33 p.m.45 views

CVE-2026-9754 Stack memory disclosure in filemd5 command

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

7.1CVSS0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 4:51 p.m.10 views

CVE-2026-46326

A flaw was found in the Linux kernel, specifically within the iio: pressure: mprls0025pa driver. This vulnerability is due to improper initialization of the spitransfer structure, which is not consistently zeroed out before use. This could allow an attacker to potentially read sensitive informati...

8.4CVSS5.4AI score0.00132EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 4:28 p.m.11 views

CVE-2026-46329

A flaw was found in the Linux kernel's erofs filesystem. This vulnerability occurs due to improper handling of I/O requests that extend beyond the end of a file-backed filesystem. An attacker could potentially exploit this to read uninitialized memory, leading to information disclosure. This issu...

5.5CVSS5.5AI score0.00156EPSS
Exploits0References4
Rows per page
Query Builder