247 matches found
EUVD-2026-42960
adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...
CVE-2026-39244
adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...
CVE-2026-47224
Summary: CVE-2026-47224 affects NanaZip on Windows: a heap buffer-overflow read in the LVM2 physical-volume metadata parser (via the upstream 7-Zip LvmHandler) can be triggered by opening a crafted LVM disk image. Affected are NanaZip versions 3.0.1000.0 through 6.0.1697.999; the issue is fixed i...
CVE-2026-47224 NanaZip: Heap buffer-overflow read in NanaZip LVM metadata CRC check
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip via the upstream 7-Zip LvmHandler. The vulnerability is triggered when openin...
PT-2026-48408
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and lea...
CVE-2026-40930
LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...
CVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body
LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...
CVE-2025-40946
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All...
CVE-2026-46133 RDMA/rxe: Reject unknown opcodes before ICRC processing
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject unknown opcodes before ICRC processing Even after applying commit 7244491dab34 "RDMA/rxe: Validate pad and ICRC before payloadsize in rxercv", a single unauthenticated UDP packet can still trigger panic. That pat...
CVE-2026-46043
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payloadsize in rxercv rxercv currently checks only that the incoming packet is at least headersizepkt bytes long before payloadsize is used. However, payloadsize subtracts both the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm/crc-t10dif: Fixed the use of an array that was used outside of its scope in crct10difarch. Fixed a silly bug where an array was used beyond its scope...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64/crc-t10dif: Fixed the use of an array that was used outside of its scope in crct10difarch. Fixed a silly bug where an array was used beyond its scope...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/stm: ltdc: fix late dereference check In ltdccrtcsetcrcsource, the struct drmcrtc was dereferenced before the pointer check by the containerof function. This could cause a kernel panic. Fix this “match warning”:...
EUVD-2025-209779
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M11 All versions, blueplanet 125 TL3 All...
CVE-2025-40946
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All...
CVE-2025-40946
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All...
CVE-2025-40946
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All...
CVE-2025-40946
CVE-2025-40946 affects a wide range of blueplanet devices (NX3/TL3/TL3-S/TL3-GEN2, gridsafe, hybrid) across many models and versions. The root cause is a CRC16-based algorithm used to generate Technical Service credentials, which could enable an attacker to derive credentials from a device serial...
MINI-CRC8-QFVJ-5CG2
Bulletin has no description...
SUSE CVE-2026-31570
In the Linux kernel, the following vulnerability has been resolved: can: gw: fix OOB heap access in cgwcsumcrc8rel cgwcsumcrc8rel correctly computes bounds-safe indices via calcidx: int from = calcidxcrc8-fromidx, cf-len; int to = calcidxcrc8-toidx, cf-len; int res = calcidxcrc8-resultidx, cf-len...