Lucene search
K

22 matches found

Cvelist
Cvelist
added 2026/07/08 7:34 p.m.32 views

CVE-2026-59936 pypdf: Possible infinite loop for not terminated inline images

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in...

8.7CVSS0.00345EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.5 views

PT-2026-56547

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.14.1 Description An attacker can craft a PDF file with a page content stream containing an unterminated inline image. This leads to an infinite loop during the detection of the inline image end marker, which can occur...

8.7CVSS6AI score0.00345EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/05/11 8:49 p.m.43 views

CVE-2026-34960 barebox Out-of-Bounds Read in DHCP Option Parsing

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcpmessagetype function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK...

7.1CVSS0.00222EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/11 8:49 p.m.8 views

CVE-2026-34960 barebox Out-of-Bounds Read in DHCP Option Parsing

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcpmessagetype function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK...

7.1CVSS5.8AI score0.00222EPSS
Exploits0References3
OSV
OSV
added 2026/05/11 8:49 p.m.3 views

CVE-2026-34960 barebox Out-of-Bounds Read in DHCP Option Parsing

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcpmessagetype function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK...

7.1CVSS6AI score0.00222EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39849

Name of the Vulnerable Software and Affected Versions barebox versions prior to 2026.04.0 Description An out-of-bounds read occurs during DHCP option parsing within the dhcp message type function because the software fails to verify that the options pointer remains within the received packet...

7.1CVSS5.8AI score0.00222EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/06 1:40 a.m.8 views

SUSE CVE-2026-43043

In the Linux kernel, the following vulnerability has been resolved: crypto: af-alg - fix NULL pointer dereference in scatterwalk The AFALG interface fails to unmark the end of a Scatter/Gather List SGL when chaining a new afalgtsgl structure. If a sendmsg fills an SGL exactly to MAXSGLENTS, the...

5.8AI score0.00114EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-43043

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: af-alg - fix NULL pointer dereference in scatterwalk The AFALG interface fails to unmark the end of a Scatter/Gather List SGL when chaining a new...

5.5CVSS6.2AI score0.00114EPSS
Exploits0References3
NVD
NVD
added 2026/05/01 3:16 p.m.6 views

CVE-2026-43043

In the Linux kernel, the following vulnerability has been resolved: crypto: af-alg - fix NULL pointer dereference in scatterwalk The AFALG interface fails to unmark the end of a Scatter/Gather List SGL when chaining a new afalgtsgl structure. If a sendmsg fills an SGL exactly to MAXSGLENTS, the...

5.5CVSS0.00114EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/01 2:15 p.m.29 views

CVE-2026-43043 crypto: af-alg - fix NULL pointer dereference in scatterwalk

In the Linux kernel, the following vulnerability has been resolved: crypto: af-alg - fix NULL pointer dereference in scatterwalk The AFALG interface fails to unmark the end of a Scatter/Gather List SGL when chaining a new afalgtsgl structure. If a sendmsg fills an SGL exactly to MAXSGLENTS, the...

0.00114EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/01 2:15 p.m.7 views

EUVD-2026-26642

In the Linux kernel, the following vulnerability has been resolved: crypto: af-alg - fix NULL pointer dereference in scatterwalk The AFALG interface fails to unmark the end of a Scatter/Gather List SGL when chaining a new afalgtsgl structure. If a sendmsg fills an SGL exactly to MAXSGLENTS, the...

5.8AI score0.00114EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/01 2:15 p.m.3 views

CVE-2026-43043

In the Linux kernel, the following vulnerability has been resolved: crypto: af-alg - fix NULL pointer dereference in scatterwalk The AFALG interface fails to unmark the end of a Scatter/Gather List SGL when chaining a new afalgtsgl structure. If a sendmsg fills an SGL exactly to MAXSGLENTS, the...

5.8AI score0.00114EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/05/01 2:15 p.m.25 views

CVE-2026-43043

The CVE describes a Linux kernel vulnerability in the AF_ALG crypto interface where chaining a new af_alg_tsgl structure can leave the end marker of the previous Scatter/Gather List uncleared when a sendmsg exactly fills MAX_SGL_ENTS. This causes sg_next() to return NULL, potentially leading to a...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/05/01 2:15 p.m.2 views

CVE-2026-43043 crypto: af-alg - fix NULL pointer dereference in scatterwalk

In the Linux kernel, the following vulnerability has been resolved: crypto: af-alg - fix NULL pointer dereference in scatterwalk The AFALG interface fails to unmark the end of a Scatter/Gather List SGL when chaining a new afalgtsgl structure. If a sendmsg fills an SGL exactly to MAXSGLENTS, the...

5.5CVSS5.9AI score0.00114EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.9 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the AFALG interface failing to clear the end marker of the previous SGL when linking a new SGL, causing the...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/22 9:36 p.m.29 views

EUVD-2025-35625

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in...

8.7CVSS6.3AI score0.00402EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/06/19 3:45 a.m.6 views

SUSE CVE-2022-49973

In the Linux kernel, the following vulnerability has been resolved: skmsg: Fix wrong last sg check in skmsgrecvmsg Fix one kernel NULL pointer dereference as below: 224.462334 Call Trace: 224.462394 tcpbpfrecvmsg+0xd3/0x380 224.462441 ? sockhasperm+0x78/0xa0 224.462463 tcpbpfrecvmsg+0x12e/0x220...

5.5CVSS6AI score0.002EPSS
Exploits0References3
OSV
OSV
added 2024/11/05 5:15 p.m.7 views

AZL-52816 CVE-2024-50090 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix overflow in oa batch buffer By default xebbcreatejob appends a MIBATCHBUFFEREND to batch buffer, this is not a problem if batch buffer is only used once but oa reuses the batch buffer for the same metric and at eac...

5.5CVSS6.5AI score0.00203EPSS
Exploits0References1
OSV
OSV
added 2024/11/05 5:15 p.m.6 views

UBUNTU-CVE-2024-50090

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix overflow in oa batch buffer By default xebbcreatejob appends a MIBATCHBUFFEREND to batch buffer, this is not a problem if batch buffer is only used once but oa reuses the batch buffer for the same metric and at eac...

5.5CVSS6.4AI score0.00203EPSS
Exploits0References19
OSV
OSV
added 2024/09/06 3:15 p.m.2 views

UBUNTU-CVE-2024-25584

Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP. Dovecot will split mail with LF DOT LF into two mails. Upgrade to latest...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References3
Rows per page
Query Builder