Lucene search
+L

81 matches found

redhat
redhat
added 4 days ago9 views

xorg: X11: xserver: X.org: glamor Font Atlas Heap Buffer Overflow

A flaw was found in the glamorfontget function of the xorg-x11-server. This vulnerability, a heap buffer overflow, occurs when the server processes a specially crafted PCF font file where individual glyph metrics exceed the declared maximum bounds. An authenticated X client can exploit this by...

8.5CVSS6.5AI score0.00212EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/07/08 8:19 p.m.5 views

CVE-2026-55999

A flaw was found in the glamorfontget function of the xorg-x11-server. This vulnerability, a heap buffer overflow, occurs when the server processes a specially crafted PCF font file where individual glyph metrics exceed the declared maximum bounds. An authenticated X client can exploit this by...

8.5CVSS6.7AI score0.00212EPSS
Exploits0References3
nvd
nvd
added 2026/07/08 10:16 a.m.9 views

CVE-2026-56003

A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server...

8.8CVSS0.00643EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/08 9:25 a.m.38 views

CVE-2026-56003 libXfont2 computeProps Property Buffer Heap Buffer Overflow

A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server...

8.5CVSS0.00643EPSS
Exploits0References2
cve
cve
added 2026/07/08 9:25 a.m.20 views

CVE-2026-56003

Summary: CVE-2026-56003 describes a heap buffer overflow in libXfont2’s PCF parsing (ComputeScaledProperties) due to missing size checks, affecting libXfont2 up to version before 2.0.8. Impact per sources: authenticated X clients could trigger code execution in the X server (per NVD entry). Affec...

8.8CVSS6.3AI score0.00643EPSS
Exploits0References2Affected Software1
alpinelinux
alpinelinux
added 2026/07/08 9:25 a.m.9 views

CVE-2026-56003

A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server...

8.8CVSS6.3AI score0.00643EPSS
Exploits0
cve
cve
added 2026/07/08 9:12 a.m.19 views

CVE-2026-56002

The CVE-2026-56002 entry describes a heap buffer overflow in libXfont2’s PCF font parsing (pcfReadFont) due to missing glyph bounds checking, affecting libXfont2 before 2.0.8. An authenticated X client could potentially execute code in the X server. The provided metrics indicate a HIGH severity (...

8.8CVSS6.1AI score0.00586EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/08 9:12 a.m.7 views

CVE-2026-56002

A heap bufferflow in pcfReadFont due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authenticated as X client to execute code within the X server...

8.5CVSS6.1AI score0.00586EPSS
Exploits0References3
osv
osv
added 2026/07/08 9:12 a.m.2 views

CVE-2026-56002 libXfont2 PCF Font Parsing Heap Buffer Overflow

A heap bufferflow in pcfReadFont due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authenticated as X client to execute code within the X server...

8.5CVSS6.2AI score0.00586EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.10 views

PT-2026-56391

Name of the Vulnerable Software and Affected Versions libXfont2 versions prior to 2.0.8 Description A heap buffer overflow occurs when parsing PCF files due to missing size checking in the property buffer within the ComputeScaledProperties function. Authenticated X clients can exploit this issue ...

8.8CVSS6.5AI score0.00643EPSS
Exploits0References24
nessus
nessus
added 2026/07/08 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-56003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties before libXfont2 before...

8.8CVSS6.4AI score0.00643EPSS
Exploits0References2
osv
osv
added 2026/06/26 8:51 p.m.3 views

GHSA-5W7Q-77MV-V69F python-socketio: Binary attachment accumulation can cause denial of service

Impact The python-socketio server stores binary EVENT and ACK messages in memory while it waits to receive their binary attachments. Once all the attachments are received, these messages are then processed. An attacker can submit a binary message and intentionally omit sending one or more of its...

7.5CVSS5.8AI score
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.14 views

PT-2026-53019

Name of the Vulnerable Software and Affected Versions python-socketio versions prior to 5.16.2 Description The server stores binary EVENT and ACK messages in memory while awaiting their binary attachments. An attacker can trigger a memory exhaustion issue by submitting a binary message and...

7.5CVSS5.8AI score
Exploits0References9
redhatcve
redhatcve
added 2026/06/25 10:39 p.m.7 views

CVE-2026-47729

A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature. Mitigation When F...

6.5CVSS5.8AI score
Exploits1References4
nvd
nvd
added 2026/06/23 9:16 p.m.8 views

CVE-2026-23513

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details In ServiceTransaction::getSearchQuery and...

7.1CVSS0.00282EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/23 8:11 p.m.30 views

CVE-2026-23513 FOSSBilling: Broken Authorization in Client Transaction and Order Listings

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details In ServiceTransaction::getSearchQuery and...

7.1CVSS0.00282EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/10 12:0 a.m.12 views

Erlang/OTP 信息泄露漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by Node.js’s built-in APIs. Erlang/OTP versions 3.0.1 to 6.0.1, 5.5.2.1, and 5.2.11.8 have a vulnerability known as information leakage. This vulnerability stems from the SSHFXPREADLI...

6.5CVSS5.3AI score0.00277EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/27 9:56 p.m.11 views

CVE-2026-46416

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/27 9:53 p.m.12 views

CVE-2026-46544 Microsoft UFO reuses client-supplied WebSocket session IDs and replays stale task results to new authenticated requesters

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied sessionid values in WebSocket task messages and reuses an existing in-memory session object if that sessionid already exists. If a prior session...

5.3CVSS5.8AI score0.00422EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/27 12:0 a.m.12 views

PT-2026-44120

Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description Microsoft UFO creates a single shared UFOWebSocketHandler instance that is reused across multiple authenticated WebSocket connections. The handler stores protocol objects for each connection ...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References3
Rows per page
Query Builder