59 matches found
CVE-2026-8813
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...
Astra Linux - уязвимость в postgresql-11
A flaw was discovered in PostgreSQL versions prior to 13.3, before 12.7, before 11.12, before 10.17, and before 9.6.22. When modifying certain SQL array values, missing bounds checks allow authenticated database users to write arbitrary bytes into a wide range of server memory. The greatest threa...
BIT-GOLANG-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption...
PT-2025-49082
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel related to out-of-bounds read access within the qede tpa cont and qede tpa end functions. The loops in these functions iterate over the cqe-len list...
xorg: xmayland: Value overflow in XkbSetCompatMap()
A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...
CryptoLib 安全漏洞
CryptoLib is a NASA open source application. It is used to provide a software-only solution using the CCSDS space data link security protocol. A security vulnerability exists in CryptoLib versions prior to 1.4.2, which stems from a lack of bounds checking in the CryptoKeyupdate function, and coul...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986671)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986671 advisory. In the Linux kernel, the following vulnerability has been resolved: firmware: armscpi: Fix string overflow in SCPI genpd driver Without the bound checks for...
SUSE-SU-2025:20747-1 Security update for net-tools
This update for net-tools fixes the following issues: - Fixed stack buffer overflow in parsehex, procgenfmt, ax25 and netrom bsc1248687 - CVE-2025-46836: Fixed stack buffer overflow caused by the absence of bound checks bsc1243581...
Security update for net-tools
This update for net-tools fixes the following issues: Fixed stack buffer overflow in parsehex, procgenfmt, ax25 and netrom bsc1248687 CVE-2025-46836: Fixed stack buffer overflow caused by the absence of bound checks bsc1243581 Patch Instructions: To install this SUSE update use the SUSE recommend...
Security update for net-tools
This update for net-tools fixes the following issues: Provide more readable error for interface name size checking bsc1243581 Perform bound checks when parsing interface labels in /proc/net/dev bsc1243581, bsc1246608. CVE-2025-46836 Patch Instructions: To install this SUSE update use the SUSE...
SUSE-SU-2025:20566-1 Security update for net-tools
This update for net-tools fixes the following issues: - Provide more readable error for interface name size checking bsc1243581 - Perform bound checks when parsing interface labels in /proc/net/dev bsc1243581, bsc1246608. CVE-2025-46836...
Linux Distros Unpatched Vulnerability : CVE-2025-37749
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ppp: Add bound checking for skb data on pppsynctxmung Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents...
PT-2025-18430
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue concerns a potential out-of-bounds access in the Linux kernel when processing short packets. Specifically, in the ppp sync txmung function, there is a risk of accessing data...
DEBIAN-CVE-2024-41017
In the Linux kernel, the following vulnerability has been resolved: jfs: don't walk off the end of ealist Add a check before visiting the members of ea to make sure each ea stays within the ealist...
CVE-2021-47609 firmware: arm_scpi: Fix string overflow in SCPI genpd driver
In the Linux kernel, the following vulnerability has been resolved: firmware: armscpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpipd-name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name...
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
...
GHSA-875G-MFP6-G7F9 `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Impact An issue was discovered in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array lengt...
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Impact An issue was discovered in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array lengt...
RUSTSEC-2024-0002 `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Impact An issue was discovered in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array lengt...
Divide By Zero
libjasper.so is vulnerable to Denial of Service DoS. The vulnerability is due to missing bound checks in the jpcenc.c file, which can result in a divide by zero bug leading to a Denial of Service DoS...