Lucene search
K

5087 matches found

OSV
OSV
added 2026/05/13 12:0 a.m.8 views

MAL-2026-3651 Malicious code in ms-graph-types (npm)

Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...

5.9AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/09 2:43 a.m.15 views

SUSE CVE-2026-37540

OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elfloader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems STM32MP1, Zynq, i.MX, large values can...

9.8CVSS5.9AI score0.00253EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/08 11:7 a.m.14 views

CVE-2026-37540

A flaw was found in OpenAMP. An integer overflow vulnerability exists in the ELF loader's firmware image parsing, specifically within elfloader.c. This flaw occurs when multiplying two attacker-controlled 16-bit values from the ELF header without proper overflow checking. On 32-bit embedded...

9.8CVSS6AI score0.00253EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 8:27 a.m.15 views

CLSA-2026-1777969446 binutils: Fix of 8 CVEs

CVE-2021-45078: fix heap-based buffer overflow in stabxcoffbuiltintype - CVE-2021-46174: fix buffer overflow in readsectionstabsdebugginginfo - CVE-2022-44840: fix heap buffer overflow in findsectioninset - CVE-2022-45703: fix heap buffer overflow in displaygdbindex - CVE-2022-47695: fix...

7.8CVSS7AI score0.01312EPSS
Exploits8References1
OSV
OSV
added 2026/05/05 2:54 a.m.8 views

CLSA-2026-1777949670 binutils: Fix of 8 CVEs

CVE-2025-11412: fix out-of-bounds read in bfdelfgcrecordvtentry - CVE-2025-11413: fix out-of-bounds read in elflinkaddobjectsymbols - CVE-2025-11839: fix abort in tgtagtype with fuzzed input - CVE-2025-11840: fix SEGV from NULL howto name in coff reloc processing - CVE-2025-3198: fix memory leak...

6.2CVSS6.1AI score0.00261EPSS
Exploits7References1
OSV
OSV
added 2026/05/03 9:56 a.m.5 views

OESA-2026-2152 binutils security update

Binutils is a collection of binary utilities, including ar for creating, modifying and extracting from archives, as a family of GNU assemblers, gprof for displaying call graph profile data, ld the GNU linker, nm for listing symbols from object files, objcopy for copying and translating object...

5CVSS5.7AI score0.00141EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.6 views

openSUSE 16 Security Update : radare2 (openSUSE-SU-2026:20653-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20653-1 advisory. Changes in radare2: - Update to version 6.1.4 bsc1262142, CVE-2026-40499: Analysis: improve autoname scoring, jmptbl detection, and performance...

10CVSS6.9AI score0.01184EPSS
Exploits3References18
OSV
OSV
added 2026/05/01 6:16 p.m.2 views

DEBIAN-CVE-2026-35233

An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range shlink field. When root-level dtrace attaches to -- or instruments -- that process via dtrace -p , pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cach...

4.4CVSS6AI score0.00108EPSS
Exploits0References1
NVD
NVD
added 2026/05/01 6:16 p.m.8 views

CVE-2026-35233

An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range shlink field. When root-level dtrace attaches to -- or instruments -- that process via dtrace -p , pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cach...

4.4CVSS0.00108EPSS
Exploits0References1
OSV
OSV
added 2026/05/01 6:16 p.m.2 views

DEBIAN-CVE-2026-21996

An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuildfilesymtab...

5.5CVSS6AI score0.0011EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/01 5:53 p.m.33 views

CVE-2026-35233

An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range shlink field. When root-level dtrace attaches to -- or instruments -- that process via dtrace -p , pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cach...

4.4CVSS0.00108EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/01 5:53 p.m.13 views

CVE-2026-35233

An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range shlink field. When root-level dtrace attaches to -- or instruments -- that process via dtrace -p , pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cach...

4.4CVSS5.8AI score0.00108EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/01 5:53 p.m.4 views

CVE-2026-35233

An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range shlink field. When root-level dtrace attaches to -- or instruments -- that process via dtrace -p , pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cach...

4.4CVSS5.8AI score0.00108EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/01 5:51 p.m.7 views

EUVD-2026-26700

An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuildfilesymtab...

3.3CVSS5.8AI score0.0011EPSS
Exploits0References1
CVE
CVE
added 2026/05/01 5:51 p.m.12 views

CVE-2026-21996

CVE-2026-21996 affects dtrace: an unprivileged, local attacker can trigger a crash in the dtrace process by feeding a malicious ELF binary, caused by an integer Divide-by-Zero in Pbuild_file_symtab(). Several advisories (e.g., Oracle ELSA-2026-50249) indicate a security update addressing this iss...

5.5CVSS5.8AI score0.0011EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/01 5:51 p.m.10 views

CVE-2026-21996

An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuildfilesymtab...

3.3CVSS5.8AI score0.0011EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/01 5:51 p.m.3 views

CVE-2026-21996

An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuildfilesymtab...

3.3CVSS5.8AI score0.0011EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/05/01 5:51 p.m.6 views

CVE-2026-21996

An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuildfilesymtab...

5.5CVSS5.8AI score0.0011EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/01 5:51 p.m.39 views

CVE-2026-21996

An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuildfilesymtab...

3.3CVSS0.0011EPSS
Exploits0References1
NVD
NVD
added 2026/05/01 5:16 p.m.20 views

CVE-2026-37540

OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elfloader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems STM32MP1, Zynq, i.MX, large values can...

9.8CVSS0.00253EPSS
Exploits0References3
Rows per page
Query Builder