Lucene search
K

116 matches found

OSV
OSV
added last week6 views

CVE-2026-58469 GNU Wget 1.25.0 Heap Buffer Underread via Metalink URL Parsing

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

8.7CVSS6.2AI score0.00351EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2026/07/05 12:5 p.m.8 views

coreutils security update

An update is available for coreutils. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The coreutils packages contain the GNU Core Utilities and represent a...

4.4CVSS6AI score0.00224EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/29 3:32 p.m.6 views

Moderate: Red Hat Security Advisory: coreutils security update

An update for coreutils is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

4.4CVSS5.8AI score0.00224EPSS
Exploits0References2
OSV
OSV
added 2026/05/22 1:18 p.m.8 views

OESA-2026-2410 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

9.8CVSS5.9AI score0.00451EPSS
Exploits2References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in htmldoc

A buffer under-reading issue based on stacks in the htmldoc before version 1.9.12 allows attackers to cause a denial of service by using a crafted BMP image with the imageloadbmp function...

5.5CVSS5.7AI score0.00871EPSS
Exploits1References1
OSV
OSV
added 2026/05/06 2:45 p.m.9 views

BIT-JAVA-MIN-2025-32415

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

7.5CVSS6.8AI score0.00559EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-5928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character...

7.5CVSS6AI score0.00345EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/20 9:31 p.m.10 views

EUVD-2026-23980

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...

6AI score0.00345EPSS
Exploits1References2
NVD
NVD
added 2026/04/20 9:16 p.m.4 views

CVE-2026-5928

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...

7.5CVSS0.00345EPSS
Exploits1References2
OSV
OSV
added 2026/04/20 8:37 p.m.1 views

CVE-2026-5928 Potential buffer under-read in ungetwc

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...

7.5CVSS6.1AI score0.00345EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/04/20 8:37 p.m.9 views

CVE-2026-5928

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...

7.5CVSS5.5AI score0.00345EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/04/20 8:37 p.m.6 views

CVE-2026-5928

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...

6AI score0.00345EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/20 8:37 p.m.33 views

CVE-2026-5928 Potential buffer under-read in ungetwc

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...

0.00345EPSS
Exploits1References1
CVE
CVE
added 2026/04/20 8:37 p.m.43 views

CVE-2026-5928

CVE-2026-5928 affects glibc’s ungetwc on FILE streams with wide characters where overlaps between single-byte and multi-byte encodings occur, in version 2.43 or earlier. A bug in the wide character pushback (_IO_wdefault_pbackfail) causes ungetwc() to operate on the regular input buffer (fp->_...

7.5CVSS6AI score0.00345EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.17 views

PT-2026-33852

Name of the Vulnerable Software and Affected Versions gnu C Library versions prior to 2.44 Description Calling the ungetwc function on a FILE stream with wide characters encoded in a character set with overlaps between single byte and multi-byte character encodings can lead to an attempt to read...

9.8CVSS5.3AI score0.00451EPSS
Exploits2References35
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.6 views

EulerOS Virtualization 2.12.1 : coreutils (EulerOS-SA-2026-1420)

According to the versions of the coreutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program ma...

4.4CVSS5.9AI score0.00224EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.4 views

EulerOS Virtualization 2.10.0 : glib2 (EulerOS-SA-2026-1166)

According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an...

5.2CVSS6AI score0.00756EPSS
Exploits1References5
Mageia
Mageia
added 2026/01/28 10:42 p.m.59 views

Updated glib2.0 packages fix security vulnerabilities

Glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with gdatetimenewfromiso8601. CVE-2025-3360 Buffer under-read on glib through glib/gfileutils.c via gettmpfile. CVE-2025-7039 Integer overflow in gescapeuristring...

9.8CVSS7AI score0.00767EPSS
Exploits1References2
OSV
OSV
added 2026/01/28 10:42 p.m.5 views

MGASA-2026-0023 Updated glib2.0 packages fix security vulnerabilities

Glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with gdatetimenewfromiso8601. CVE-2025-3360 Buffer under-read on glib through glib/gfileutils.c via gettmpfile. CVE-2025-7039 Integer overflow in gescapeuristring...

9.8CVSS6.8AI score0.00767EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.9 views

MiracleLinux 7 : ruby-2.0.0.648-36.el7 (AXSA:2019-4276:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4276:03 advisory. ruby: HTTP response splitting in WEBrick CVE-2017-17742 ruby: DoS by large request in WEBrick CVE-2018-8777 ruby: Buffer under-read in Stringunpack...

9.8CVSS6.9AI score0.10552EPSS
Exploits0References10
Rows per page
Query Builder