Lucene search
K

8 matches found

OSV
OSV
added 2026/06/15 8:13 p.m.4 views

GHSA-PR59-H9PH-3FR8 protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

Summary A previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static output from crafted JSON descriptor input. The common case of parsing schemas fro...

8.2CVSS5.6AI score0.00228EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/29 1:14 a.m.11 views

SUSE CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/27 3:39 p.m.7 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through the parseinterface function. An attacker can cause a crash of the application by providing a crafted USB configuration descriptor, such as via virtualized USB passthrough, file-based descriptor parsing, or...

6.9CVSS5.8AI score0.00184EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 2:16 p.m.13 views

CVE-2026-23679

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

6.9CVSS0.00184EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/05/27 1:21 p.m.14 views

CVE-2026-23679

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

6.9CVSS5.9AI score0.00184EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/27 1:21 p.m.12 views

EUVD-2026-32502

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

6.9CVSS5.9AI score0.00184EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/27 1:20 p.m.9 views

CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.5CVSS5.9AI score0.0013EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2012/02/21 2:25 a.m.5 views

kernel: excessive in kernel CPU consumption when creating large nested epoll structures

The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service CPU consumption via a crafted application that makes epollcreate and epollctl system calls...

4.9CVSS7.3AI score0.00795EPSS
Exploits1References4
Rows per page
Query Builder