Lucene search
+L

4259 matches found

Cvelist
Cvelist
added 2026/04/28 4:43 p.m.70 views

CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...

0.00358EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/28 4:43 p.m.5 views

CVE-2026-6238

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...

6.5CVSS5.8AI score0.00358EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/28 4:43 p.m.20 views

EUVD-2026-26071

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a targ...

6.5CVSS5.5AI score0.00358EPSS
Exploits0References2
CVE
CVE
added 2026/04/28 4:43 p.m.33 views

CVE-2026-6238

GLIBC: The deprecated debugging functions ns_printrrf, ns_printrr and fp_nquery in GNU C Library (glibc) 2.2 and newer fail to validate RDATA against its length for DNS LOC, CERT, TKEY or TSIG records. This may let an attacker craft a DNS response that crashes a target application or reads uninit...

6.5CVSS5.8AI score0.00358EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/28 1:19 p.m.6 views

CVE-2026-5435

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...

7.3CVSS0.00237EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/28 1:19 p.m.6 views

CVE-2026-5435

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...

7.3CVSS5.8AI score0.00237EPSS
Exploits0References3
CVE
CVE
added 2026/04/28 11:58 a.m.43 views

CVE-2026-5435

CVE-2026-5435 affects the GNU C Library (glibc) where deprecated functions for printing TSIG records (ns_printrrf, ns_printrr, fp_nquery) do not respect caller buffer lengths, enabling an out-of-bounds write in versions 2.2 and newer. This can lead to a denial of service and, in some scenarios, p...

7.3CVSS5.5AI score0.00237EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/28 11:58 a.m.18 views

CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...

5.5AI score0.00237EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/28 11:58 a.m.7 views

CVE-2026-5435

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...

5.5AI score0.00237EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/28 11:58 a.m.6 views

EUVD-2026-26036

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...

7.3CVSS5.5AI score0.00237EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.10 views

PT-2026-35713

Name of the Vulnerable Software and Affected Versions glibc versions 2.2 and newer Description The deprecated functions ns printrrf, ns printrr, and fp nquery fail to enforce the caller-supplied buffer length. This can lead to an out-of-bounds write, which occurs when data is written outside the...

7.3CVSS5.9AI score0.00237EPSS
Exploits0References38
NVD
NVD
added 2026/04/24 8:16 p.m.16 views

CVE-2026-41503

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service property decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending an RP...

8.7CVSS0.00415EPSS
Exploits1References1
CVE
CVE
added 2026/04/24 7:41 p.m.40 views

CVE-2026-41503

Technical details about CVE-2026-41503 are not publicly available in the provided documents. Monitor for updates from official advisories.

8.7CVSS5.7AI score0.00415EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/24 7:41 p.m.11 views

CVE-2026-41503 BACnet Stack: Out-of-Bounds Read in ReadPropertyMultiple Property Decoder via Deprecated Tag Parser

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service property decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending an RP...

8.7CVSS5.7AI score0.00415EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/24 7:41 p.m.43 views

CVE-2026-41503 BACnet Stack: Out-of-Bounds Read in ReadPropertyMultiple Property Decoder via Deprecated Tag Parser

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service property decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending an RP...

8.7CVSS0.00415EPSS
Exploits1References1
OSV
OSV
added 2026/04/24 7:41 p.m.4 views

CVE-2026-41503 BACnet Stack: Out-of-Bounds Read in ReadPropertyMultiple Property Decoder via Deprecated Tag Parser

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service property decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending an RP...

8.7CVSS6.2AI score0.00415EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/24 7:39 p.m.3 views

CVE-2026-41475 BACnet Stack: Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending a truncated W...

8.7CVSS5.7AI score0.00482EPSS
Exploits1References1
CVE
CVE
added 2026/04/24 7:39 p.m.53 views

CVE-2026-41475

Summary: CVE-2026-41475 affects the BACnet Stack library. Prior to version 1.4.3, the WritePropertyMultiple service decoder is vulnerable to an out-of-bounds read caused by wpm_decode_object_property() invoking the deprecated decode_tag_number_and_value() function, which performs no bounds checki...

9.1CVSS5.7AI score0.00482EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/04/24 7:39 p.m.3 views

CVE-2026-41475 BACnet Stack: Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending a truncated W...

8.7CVSS6.2AI score0.00482EPSS
Exploits1References3
OSV
OSV
added 2026/04/23 9:15 p.m.5 views

GHSA-C2JG-5CP7-6WC7 Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer

Remote Code Execution via Unsafe Deserialization in Pipecat's LivekitFrameSerializer Summary A critical vulnerability exists in Pipecat's LivekitFrameSerializer – an optional, non-default, undocumented frame serializer class now deprecated intended for LiveKit integration. The class's deserialize...

9.8CVSS7.1AI score0.00701EPSS
Exploits1References4
Rows per page
Query Builder