Lucene search
K

5114 matches found

Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.11 views

PT-2026-47106

A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as...

5.4AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.15 views

PT-2026-43273

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description A stack-based buffer overflow exists in the BGP NLRI Network Layer Reachability Information decoder. The function decode bgp subnet encoding ipv4 raw in src/bgp protocol.cpp rea...

9.8CVSS6.5AI score0.01645EPSS
Exploits1References22
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-46875

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516319578 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd fmt conv 422sp to 420p ihevcd fmt conv ihevcd decode...

5.8AI score
Exploits0References2
EUVD
EUVD
added 2026/05/25 9:15 p.m.14 views

EUVD-2026-31745

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bitconvertTU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public...

4.8CVSS5.3AI score0.00176EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.13 views

PT-2026-46106

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515994900 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd fmt conv ihevcd process thread start thread...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.12 views

PT-2026-45894

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515832483 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd fmt conv ihevcd decode ihevcd cxa api function...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/22 4:16 p.m.6 views

DEBIAN-CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/22 4:16 p.m.13 views

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References6
OSV
OSV
added 2026/05/22 4:16 p.m.8 views

UBUNTU-CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/22 3:1 p.m.11 views

EUVD-2026-31449

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

10CVSS5.8AI score0.00478EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/22 3:1 p.m.8 views

CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

5.8AI score0.00478EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/22 5:32 a.m.9 views

Incorrect Type Conversion or Cast

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to an incorrectly placed cast from bytes to int in the AES-GCM packet decoder process. An attacker can cause a server-side panic by sending...

8.7CVSS5.8AI score0.00359EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:29 a.m.10 views

Incorrect Type Conversion or Cast

Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to the improper handling of crafted input data in the ed25519.PrivateKey component. An attacker can cause the client to panic by supplying malformed wire bytes. Remediation Upgrade...

8.7CVSS5.8AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:29 a.m.9 views

Incorrect Type Conversion or Cast

Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to the improper handling of crafted input data in the ed25519.PrivateKey component. An attacker can cause the client to panic by supplying malformed wire bytes. Remediation Upgrade...

8.7CVSS5.8AI score0.00313EPSS
Exploits0References2
OSV
OSV
added 2026/05/22 2:46 a.m.8 views

GO-2026-5026 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.14 views

SUSE CVE-2026-44070

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...

3.1CVSS5.9AI score0.00318EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from creating ed25519.PrivateKey by forced conversion of format-errorsed bytes in the...

5.3CVSS5.8AI score0.00313EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/21 1:24 p.m.9 views

CVE-2026-44070

A flaw was found in Netatalk. An attacker with low privileges could exploit an unbounded reallocation realloc vulnerability during charset conversion. This could lead to a Denial of Service DoS due to excessive memory consumption...

3.1CVSS5.8AI score0.00318EPSS
Exploits0References2
NVD
NVD
added 2026/05/21 8:16 a.m.11 views

CVE-2026-44070

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...

3.1CVSS0.00318EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/21 7:35 a.m.7 views

EUVD-2026-31217

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...

3.1CVSS5.9AI score0.00318EPSS
Exploits0References1
Rows per page
Query Builder