Lucene search
K

785 matches found

Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-57567

Name of the Vulnerable Software and Affected Versions Zephyr version 4.4.0 Description An out-of-bounds write exists in the WireGuard subsystem within the wg process data message function located in wg crypto.c. The issue occurs when an inbound transport-data payload is linearized into a fixed po...

7.4CVSS6.2AI score0.00367EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:10 a.m.7 views

CVE-2026-9267

Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read vulnerability in the checkservercertificate function that allows unauthenticated attackers to trigger reads beyond valid buffer boundaries by crafting a Certificate handshake message with a...

6.9CVSS6AI score0.00173EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:9 a.m.8 views

Bluetooth: RFCOMM: validate skb length in MCC handlers

...

8.1CVSS5.8AI score0.00283EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/26 2:10 a.m.7 views

SUSE CVE-2026-53186

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: bound SRPRSP sense copy by the received length srpprocessrsp copies sense data from rsp-data + respdatalen, where respdatalen is the full 32-bit value supplied by the SRP target and is never checked against the number o...

9.1CVSS6AI score0.00544EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/06/26 12:0 a.m.2 views

The vulnerability of the mm/mempool module in Linux operating systems allows a hacker to cause a service failure or memory corruption.

The vulnerability of the mm/mempool module in Linux operating systems is related to access to a buffer with an incorrect length value. Exploiting this vulnerability can allow an attacker to cause service failures or memory corruption...

7.1CVSS6.2AI score0.00156EPSS
Exploits0References13Affected Software6
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53254

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb-data to protocol-specific structs without validating skb-len first. A malicious remote device can send truncated MCC frames and trigger...

8.1CVSS5.7AI score0.00283EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.33 views

CVE-2026-53179 staging: rtl8723bs: fix buffer over-read in rtw_update_protection

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix buffer over-read in rtwupdateprotection rtwupdateprotection is called with a pointer offset into the ies buffer but the full ielength is passed, causing a potential buffer over-read...

0.00131EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:28 p.m.5 views

CVE-2026-52982

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix use-after-free in rtl8150startxmit syzbot reported a KASAN slab-use-after-free read in rtl8150startxmit when accessing skb-len for tx statistics after usbsubmiturb has been called: BUG: KASAN:...

5.6AI score0.00543EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/06/24 4:28 p.m.2 views

CVE-2026-52982 net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit()

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix use-after-free in rtl8150startxmit syzbot reported a KASAN slab-use-after-free read in rtl8150startxmit when accessing skb-len for tx statistics after usbsubmiturb has been called: BUG: KASAN:...

9.8CVSS5.8AI score0.00543EPSS
Exploits0References11
NVD
NVD
added 2026/06/23 6:18 p.m.8 views

CVE-2026-54257

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Most apps will crash and some may perform incorrect buffer allocations in t...

9.3CVSS0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 11:58 p.m.21 views

CVE-2026-10658

CVE-2026-10658 affects Zephyr’s Bluetooth Host ISO RX path, specifically bt_iso_recv() in subsys/bluetooth/host/iso.c. The vulnerability arises from missing minimum length checks for SDU headers when processing PB=START/SINGLE, allowing a malformed HCI ISO payload to bypass the inner header lengt...

7.1CVSS5.9AI score0.00163EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/06/18 10:13 p.m.5 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the htundoimpl function. An attacker can cause a crash and potentially leak adjacent heap memory by supplying a crafted EXR file with mismatched channel width and buffer length. Remediation Upgrade openexr...

8.3CVSS6.1AI score0.00263EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/06/15 8:20 p.m.5 views

NPM: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow

NPM: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow vulnerability discovered by ? in WordPress Npm electron versions = 42.3.1, 42.3.3...

9.3CVSS6AI score0.00253EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 8:20 p.m.7 views

GHSA-Q6M5-F73J-M9MC Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow

Impact Most apps will crash and some may perform incorrect buffer allocations in the Node.js Buffer API resulting in unexpected truncation or allocation. Workarounds No workarounds. Do not use these impacted Electron releases Fixed Versions 42.3.3 For more information If you have any questions or...

9.3CVSS5.8AI score0.00253EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.15 views

CVE-2026-1950

Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerability...

9.8CVSS5.6AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.13 views

CVE-2026-1951

Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability...

9.8CVSS5.7AI score0.00611EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.15 views

CVE-2026-5071

The SocketCAN implementation validates the length of a user-provided buffer containing a socketcanframe object using only a NETASSERT statement in zcansendtoctx before dereferencing it in socketcantocanframe. In production builds where assertions are disabled, a userspace application that control...

7.8CVSS5.9AI score0.00167EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.17 views

PT-2026-45078

The SocketCAN implementation validates the length of a user-provided buffer containing a socketcan frame object using only a NET ASSERT statement in zcan sendto ctx before dereferencing it in socketcan to can frame. In production builds where assertions are disabled, a userspace application that...

6.1CVSS5.9AI score0.00167EPSS
Exploits1References2
OSV
OSV
added 2026/05/29 1:34 p.m.22 views

OESA-2026-2492 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index...

9.8CVSS5.9AI score0.00554EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.11 views

SUSE CVE-2026-46140

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...

6.3CVSS5.8AI score0.00131EPSS
Exploits0References3
Rows per page
Query Builder