Lucene search
K

101 matches found

Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.10 views

PT-2026-42436

Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of service via memory errors that would otherwise be caught and safely terminated by runtime protection...

3.7CVSS6AI score0.00335EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.8 views

Netatalk 安全漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.1.2 to 4.4.2 of Netatalk contain security vulnerabilities. These vulnerabilities stem from the lack of FORTIFYSOURCE...

3.7CVSS6AI score0.00335EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ovl: Use the “buf” flexible array as the destination for memcpy. The “buf” flexible array must be used as the destination for memcpy to avoid false positive run-time warnings caused by the recent FORTIFYSOURCE hardening measures:...

5.5CVSS5.3AI score0.00179EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: kheaders: Use an array declaration instead of a char. Under CONFIGFORTIFYSOURCE, memcpy will check the size of the destination and source buffers. Defining kernelheadersdata as “char” would trigger this check. Since these address...

5.8AI score0.00191EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check for struct nfctarget arrays While running with CONFIGFORTIFYSOURCE=y, syzkaller reported the following issue: memcpy: A field-spanning write was detected size 129 of the single field “target-sensfres” at...

7.1CVSS6.1AI score0.00236EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid field-overflowing memcpy In preparation for FORTIFYSOURCE, we are performing compile-time and run-time field bounds checking for memcpy, memmove, and memset. Avoid intentionally writing across neighboring fields...

7.8CVSS6.6AI score0.00236EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize optionslen before referencing options. The struct iptunnelinfo structure has a flexible array member named options, which is protected by the countedbyoptionslen attribute. The compiler uses this information to...

5.5CVSS5.6AI score0.00124EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/20 12:0 a.m.7 views

CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...

8.6CVSS6AI score0.00151EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/18 1:24 a.m.3 views

CVE-2026-40489 editorconfig-core-c has incomplete fix for CVE-2023-0341

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...

8.6CVSS6.1AI score0.00965EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/18 1:24 a.m.3 views

CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...

8.6CVSS7.5AI score0.00965EPSS
Exploits1References4Affected Software1
UbuntuCve
UbuntuCve
added 2026/04/03 4:16 p.m.7 views

CVE-2026-23474

In the Linux kernel, the following vulnerability has been resolved: mtd: Avoid boot crash in RedBoot partition table parser Given CONFIGFORTIFYSOURCE=y and a recent compiler, commit 439a1bcac648 "fortify: Use builtindynamicobjectsize when available" produces the warning below and an oops. Searchi...

5.5CVSS5.9AI score0.00135EPSS
Exploits0References8
OSV
OSV
added 2026/02/04 5:16 p.m.6 views

UBUNTU-CVE-2026-23059

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflow In qla27xxcopyfpinpkt and qla27xxcopymultiplepkt, the framesize reported by firmware is used to calculate the copy length into item-iocb. However, the iocb member is...

5.8AI score0.00168EPSS
Exploits0References16
EUVD
EUVD
added 2026/02/04 4:7 p.m.3 views

EUVD-2026-5485

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflow In qla27xxcopyfpinpkt and qla27xxcopymultiplepkt, the framesize reported by firmware is used to calculate the copy length into item-iocb. However, the iocb member is...

5.3AI score0.00168EPSS
Exploits0References4
CVE
CVE
added 2026/02/04 4:7 p.m.19 views

CVE-2026-23059

In the Linux kernel CVE-2026-23059, the vulnerable code paths are in Scsi qla2xxx logic, specifically qla27xx_copy_fpin_pkt() and qla27xx_copy_multiple_pkt(). The frame_size reported by firmware could exceed the 64-byte iocb member in struct purex_item, causing cross-boundary memcpy writes and Fo...

5.3AI score0.00168EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005018)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005018 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid field-overflowing memcpy In preparation for FORTIFYSOURCE performing compile-ti...

7.8CVSS5.8AI score0.00236EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/01/16 12:26 a.m.5 views

SUSE CVE-2025-71128

In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize optionslen before referencing options. The struct iptunnelinfo has a flexible array member named options that is protected by a countedbyoptionslen attribute. The compiler will use this information to enforce...

5.5CVSS6.6AI score0.00124EPSS
Exploits0References4
NVD
NVD
added 2026/01/14 3:16 p.m.8 views

CVE-2025-71128

In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize optionslen before referencing options. The struct iptunnelinfo has a flexible array member named options that is protected by a countedbyoptionslen attribute. The compiler will use this information to enforce...

5.5CVSS0.00124EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/01/14 3:16 p.m.4 views

CVE-2025-71128

In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize optionslen before referencing options. The struct iptunnelinfo has a flexible array member named options that is protected by a countedbyoptionslen attribute. The compiler will use this information to enforce...

5.5CVSS5.9AI score0.00124EPSS
Exploits0References9
OSV
OSV
added 2026/01/14 3:16 p.m.5 views

UBUNTU-CVE-2025-71128

In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize optionslen before referencing options. The struct iptunnelinfo has a flexible array member named options that is protected by a countedbyoptionslen attribute. The compiler will use this information to enforce...

5.5CVSS5.9AI score0.00124EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/01/14 3:7 p.m.5 views

CVE-2025-71128

In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize optionslen before referencing options. The struct iptunnelinfo has a flexible array member named options that is protected by a countedbyoptionslen attribute. The compiler will use this information to enforce...

5.4AI score0.00124EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder