Lucene search
K

506 matches found

OSV
OSV
added 2026/07/07 2:34 p.m.5 views

PYSEC-2026-1954 Invalid char to bool conversion when printing a tensor

Impact When printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzzers will crash. Patches We have patched the issu...

4.8CVSS6AI score0.00389EPSS
Exploits0References7
PyPA
PyPA
added 2026/07/07 2:34 p.m.6 views

Invalid char to bool conversion when printing a tensor

ImpactWhen printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzzers will crash. PatchesWe have patched the issue ...

7.5CVSS7.1AI score0.00389EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-939 Invalid char to bool conversion when printing a tensor

Impact When printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzzers will crash. Patches We have patched the issu...

4.8CVSS7.1AI score0.00389EPSS
Exploits0References7
PyPA
PyPA
added 2026/07/07 10:17 a.m.5 views

Invalid char to bool conversion when printing a tensor

ImpactWhen printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzzers will crash. PatchesWe have patched the issue ...

7.5CVSS7.1AI score0.00389EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/07/06 8:42 p.m.4 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the bdfchar process when attacker-controlled dimensions from a BDF font file are passed to Image.new without invoking the decompressionbombcheck function. An attacker can cause excessive...

8.7CVSS6AI score0.00364EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/30 11:20 a.m.7 views

EUVD-2026-40295

DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor but never quotechar, so SQL::Abstract emits identifiers verbatim. Caller-supplied identifiers orderby, where-claus...

9.8CVSS5.8AI score0.0035EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 5:17 p.m.3 views

DEBIAN-CVE-2026-56123

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...

9.8CVSS6AI score0.00308EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/25 3:43 p.m.5 views

CVE-2026-56123

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...

9.8CVSS6AI score0.00308EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52504

Name of the Vulnerable Software and Affected Versions socat versions 1.8.0.0 through 1.8.1.1 Description A heap-based buffer overflow exists in the SOCKS5 DOMAINNAME reply parser during proxy connection setup. The issue stems from a sign-extension flaw where the domain name length byte is read as...

9.8CVSS6.6AI score0.00308EPSS
Exploits0References21
RedHat Linux
RedHat Linux
added 2026/06/17 1:55 a.m.13 views

Important: Red Hat Security Advisory: 389-ds-base security, bug fix, and enhancement update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.5CVSS5.4AI score0.00815EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 8:39 a.m.73 views

BIT-APACHE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

9.8CVSS5.4AI score0.00486EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 3:19 p.m.169 views

CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

0.00486EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 1:18 p.m.10 views

CLSA-2026-1779887887 Fix CVE(s): CVE-2026-7258

SECURITY UPDATE: fix out-of-bounds read in urldecode via signed-char to ctype.h GHSA-m8rr-4c36-8gq4 - debian/patches/CVE-2026-7258.patch: fix out-of-bounds read in urldecode via signed-char to ctype.h GHSA-m8rr-4c36-8gq4 - CVE-2026-7258...

7.5CVSS5.8AI score0.00337EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 2:8 p.m.19 views

CLSA-2026-1779121308 php: Fix of 3 CVEs

CVE-2026-7258: fix signed-char passing to ctype.h functions in urldecode and url parsing GHSA-m8rr-4c36-8gq4 - CVE-2026-7262: fix NULL check in tozvalmap using wrong variable xmlKey instead of xmlValue, causing crash in SOAP typemap decoding GHSA-hmxp-6pc4-f3vv - CVE-2026-7568: fix signed integer...

7.5CVSS5.9AI score0.0078EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick, specifically in the files MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the type unsigned char, and...

5.5CVSS6.7AI score0.00982EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in imagemagick

A vulnerability was discovered in ImageMagick, causing a value that is outside the representable range for the type ‘unsigned char’ at coders/psd.c, when crafted or untrusted input is processed. This results in a negative impact on the availability of the application or other problems related to...

7.8CVSS6.9AI score0.01327EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: wmi: Fixed the issue of opening character devices Since the commit fa1f68db6ca7 “drivers: misc: passed the miscdevice pointer through file private data”, the miscdevice stores a pointer to itself within...

7.8CVSS6.1AI score0.00263EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in imagemagick

An integer overflow issue was discovered in ImageMagick’s ExportIndexQuantum function in MagickCore/quantum-export.c. Function calls to GetPixelIndex could result in values that are outside the representable range for ‘unsigned char’. When ImageMagick processes a specially crafted PDF file, this...

5.5CVSS6.9AI score0.00365EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 12:24 p.m.7 views

CLSA-2026-1779183103 vim: Fix of 6 CVEs

CVE-2021-3903: do not set VALIDBOTLINE in updatetopline when screen is invalid - CVE-2022-1616: tighten appendcommand loop bound + pre-write length check to avoid buffer overflow with composing chars - CVE-2022-2042: initialize attr in spellmoveto and capture emptyline before mlgetbuf invalidates...

8.4CVSS7.3AI score0.02645EPSS
Exploits6References1
OSV
OSV
added 2026/05/18 5:38 p.m.25 views

CLSA-2026-1779125894 php: Fix of 7 CVEs

CVE-2026-7258: fix out-of-bounds read in urldecode via signed-char to ctype.h GHSA-m8rr-4c36-8gq4 - CVE-2026-6722: fix stale SOAPGLOBAL refmap pointer with Apache Map GHSA-85c2-q967-79q5 - CVE-2026-7259: fix null pointer dereference in phpmbcheckencoding via mberegsearchinit GHSA-wm6j-2649-pv75 -...

9.8CVSS5.9AI score0.0078EPSS
Exploits0References1
Rows per page
Query Builder