Lucene search
+L

3657 matches found

OSV
OSV
added 2026/05/08 1:26 p.m.2 views

CVE-2026-43316 media: solo6x10: Check for out of bounds chip_id

In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for out of bounds chipid Clang with CONFIGUBSANSHIFT=y noticed a condition where a signed type literal "1" is an "int" could end up being shifted beyond 32 bits, so instrumentation was added and due to the...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/05/07 5:29 p.m.8 views

pyOpenSSL: DTLS cookie callback buffer overflow

A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...

9.8CVSS6AI score0.00704EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/06 1:40 a.m.6 views

SUSE CVE-2026-43070

In the Linux kernel, the following vulnerability has been resolved: bpf: Reset register ID for BPFEND value tracking When a register undergoes a BPFEND byte swap operation, its scalar value is mutated in-place. If this register previously shared a scalar ID with another register e.g., after an r1...

5.8AI score0.00118EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/04 2:10 p.m.7 views

pyOpenSSL: DTLS cookie callback buffer overflow

A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...

9.8CVSS6AI score0.00704EPSS
Exploits0References7
NVD
NVD
added 2026/05/04 10:15 a.m.22 views

CVE-2026-33846

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5CVSS0.01263EPSS
Exploits0References19
OSV
OSV
added 2026/05/04 9:20 a.m.10 views

CLSA-2026-1777886414 xorg-x11-server-Xwayland: Fix of 3 CVEs

CVE-2026-33999: fix buffer re-use in XkbSetCompatMap ELSCVE-122736 - CVE-2026-34001: fix use-after-free in miSyncTriggerFence ELSCVE-122732 - CVE-2026-34003: add bounds checking in CheckKeyTypes and companion helpers ELSCVE-122740...

7.8CVSS5.9AI score0.0038EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 9:7 a.m.13 views

CLSA-2026-1777885651 tigervnc: Fix of 3 CVEs

CVE-2026-33999: fix buffer re-use in XkbSetCompatMap ELSCVE-122668 - CVE-2026-34001: fix use-after-free in miSyncTriggerFence ELSCVE-122664 - CVE-2026-34003: add bounds checking in CheckKeyTypes and companion helpers ELSCVE-122672...

7.8CVSS5.9AI score0.0038EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-42480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack-based out-of-bounds read vulnerability in VrmlDataScene::ReadLine in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a...

5.5CVSS5.6AI score0.00098EPSS
Exploits0References3
OSV
OSV
added 2026/05/01 2:14 p.m.4 views

CVE-2026-31771 Bluetooth: hci_event: move wake reason storage into validated event handlers

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: move wake reason storage into validated event handlers hcistorewakereason is called from hcieventpacket immediately after stripping the HCI event header but before hcieventfunc enforces the per-event minimum...

8.1CVSS5.8AI score0.00205EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/01 2:14 p.m.12 views

EUVD-2026-26579

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbelloffset in user queue creation amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without bounds checking. An arbitrarily large doorbelloffset can cause the...

5.8AI score0.00124EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/01 1:56 p.m.9 views

EUVD-2026-26525

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate rec-used in journal-replay file record check checkfilerecord validates rec-total against the record size but never validates rec-used. The doaction journal-replay handlers read rec-used from disk and use it to...

5.8AI score0.00128EPSS
Exploits0References5
CVE
CVE
added 2026/05/01 1:56 p.m.46 views

CVE-2026-31716

The CVE-2026-31716 entry covers a Linux kernel NTFS3 flaw in journal replay. Description from multiple sources states that check_file_record() validates rec->total against the record size but not rec->used. The journal-replay handlers read rec->used from disk and use it to compute memmov...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.11 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the wacomintuosbtirq function in the wacom driver that does not adequately bounds-check Bluetooth HID...

8.1CVSS5.8AI score0.00255EPSS
Exploits0References1
OSV
OSV
added 2026/05/01 12:0 a.m.4 views

CVE-2026-42480

A stack-based out-of-bounds read vulnerability in VrmlDataScene::ReadLine in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr++anOffset without proper...

5.5CVSS6AI score0.00098EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.8 views

PT-2026-36401

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbell offset in user queue creation amdgpu userq get doorbell index passes the user-provided doorbell offset to amdgpu doorbell index on bar without bounds checking. An arbitrarily large doorbell offset ca...

5.8AI score0.00124EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.8 views

PT-2026-36510

Name of the Vulnerable Software and Affected Versions miaofng/uds-c versions prior to commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a Description A stack buffer overflow exists in the send diagnostic request function. The issue occurs because a 6-byte stack buffer, defined by MAX DIAGNOSTIC PAYLO...

8.8CVSS6AI score0.00254EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/28 11:19 a.m.3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to improper bounds checking in the JSON parsing process. An attacker can cause the application to read memory outside the intended buffer by providing specially crafted JSON input. Remediation Upgrade thrift to...

9.1CVSS5.9AI score0.00967EPSS
Exploits0References2
OSV
OSV
added 2026/04/25 8:50 a.m.8 views

CLSA-2026-1776878817 squid: Fix of 13 CVEs

CVE-2018-1000027: fix NULL pointer dereference in clientFollowXForwardedForCheck for transactions without a client connection - CVE-2018-19131: fix XSS via X.509 certificate fields rendered unescaped in SSL error pages - CVE-2019-12520: prevent cache poisoning by suppressing URL userinfo from...

9.8CVSS6.8AI score0.74477EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 7:39 p.m.5 views

CVE-2026-41475

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending a truncated W...

8.7CVSS5.7AI score0.00482EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/04/24 3:16 p.m.6 views

CVE-2026-31622

In the Linux kernel, the following vulnerability has been resolved: NFC: digital: Bounds check NFC-A cascade depth in SDD response handler The NFC-A anti-collision cascade in digitalinrecvsddres appends 3 or 4 bytes to target-nfcid1 on each round, but the number of cascade rounds is controlled...

8.8CVSS0.00281EPSS
Exploits0References9
Rows per page
Query Builder