11670 matches found
CVE-2026-50185 RustCrypto Cmov/CmovEq on aarch64 can produce wrong results if high-bits of registers are set
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. From 0.1.1 until 0.5.4, the aarch64 implementations of Cmov and CmovEq in cmov/src/backends/aarch64.rs assume high bits ar...
CVE-2026-48045
The CVE-2026-48045 issue affects python-zeroconf (Zeroconf Pure Python) where AsyncListener.handle_query_or_defer retains every truncated TC-bit mDNS query per source in self._deferred[addr] and arms per-address timers in self._timers[addr]. This unbounded queue growth on LAN-local hosts (UDP/535...
CVE-2026-40469
A flaw was found in gawk. An integer overflow vulnerability exists in the dosub routine, which could allow an attacker to overwrite internal program data. This can lead to a denial of service DoS by causing the gawk program to crash. This issue affects 32-bit builds of gawk...
gawk: gawk: Denial of Service due to integer overflow
A flaw was found in gawk. An integer overflow vulnerability exists in the dosub routine, which could allow an attacker to overwrite internal program data. This can lead to a denial of service DoS by causing the gawk program to crash. This issue affects 32-bit builds of gawk...
JLSEC-2026-695 The X25519 x86_64 assembly implementation fails to clear the most significant bit during the...
The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...
JLSEC-2026-709
wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions sp256mul9, sp256sqr9, etc., leading to a timing...
2026-07 .NET 9.0.18 Security Update for x64 Client (KB5104033)
2026-07 .NET 9.0.18 Security Update for x64 Client KB5104033...
2026-07 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5099535)
2026-07 Cumulative Update for Windows 10 Version 1607 for x86-based Systems KB5099535...
2026-07 .NET 10.0.10 Security Update for x86 Client (KB5104034)
2026-07 .NET 10.0.10 Security Update for x86 Client KB5104034...
2026-07 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5099535)
2026-07 Cumulative Update for Windows Server 2016 for x64-based Systems KB5099535...
2026-07 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 (KB5101007)
2026-07 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 KB5101007...
2026-07 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5099539)
2026-07 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems KB5099539...
DEBIAN-CVE-2026-59199
Pillow is a Python imaging library. Prior to 12.3.0, Pillow public image coordinate APIs can trigger a native heap out-of-bounds write when given coordinates near the signed 32-bit integer limits in Image.paste, Image.crop, or Image.alphacomposite. This issue is fixed in version 12.3.0...
CVE-2026-59199
Pillow (Python imaging library) prior to 12.3.0 is affected by a heap out-of-bounds write in public image coordinate APIs when coordinates near signed 32-bit limits are provided to Image.paste(), Image.crop(), or Image.alpha_composite(). The issue is fixed in 12.3.0. Affected component: Pillow’s ...
PT-2026-58090
Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description Public image coordinate APIs in the Pillow Python imaging library can trigger a native heap out-of-bounds write. This occurs when coordinates near the signed 32-bit integer limits are provided to the...
CVE-2026-13221 Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk
Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...
CVE-2026-40469
Integer overflow vulnerability has been found in "builtin.c" program file of gawk dosub routine. This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below...
CVE-2026-40469
Integer overflow vulnerability has been found in "builtin.c" program file of gawk dosub routine. This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below...
CVE-2026-40469
In the provided documents, CVE-2026-40469 affects gawk, specifically 32-bit builds in versions 5.4.0 and earlier. The root cause is an integer overflow in the do_sub (subroutine) path within builtin.c, which could allow overwriting heap metadata and related objects, potentially causing the progra...
EUVD-2026-43494
Integer overflow vulnerability has been found in "builtin.c" program file of gawk dosub routine. This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below...