Lucene search
+L

30 matches found

osv
osv
added 2026/07/09 12:55 p.m.2 views

OESA-2026-2974 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.2 has an integer overflow in storeAtts.CVE-2026-56403 libexpat before 2.8.2 has an integer overflow in...

6.9CVSS6.1AI score0.0011EPSS
Exploits0References11
euvd
euvd
added 2026/06/30 12:31 a.m.6 views

EUVD-2026-40246

A buffer overflow in the GetAttributeList function of EIPStackGroup OpENer commit 76b95c allows attackers to cause a Denial of Service DoS via supplying a crafted Common Packet Format CPF packet...

7.5CVSS6AI score0.00351EPSS
Exploits0References3
nvd
nvd
added 2026/06/29 10:16 p.m.12 views

CVE-2026-51221

A buffer overflow in the GetAttributeList function of EIPStackGroup OpENer commit 76b95c allows attackers to cause a Denial of Service DoS via supplying a crafted Common Packet Format CPF packet...

7.5CVSS0.00351EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/29 12:0 a.m.21 views

CVE-2026-51221

A buffer overflow in the GetAttributeList function of EIPStackGroup OpENer commit 76b95c allows attackers to cause a Denial of Service DoS via supplying a crafted Common Packet Format CPF packet...

0.00351EPSS
Exploits0References2
cve
cve
added 2026/06/29 12:0 a.m.19 views

CVE-2026-51221

CVE-2026-51221 describes a buffer overflow in the Get_Attribute_List() function of the EIPStackGroup OpENer project (commit 76b95c) that can cause a Denial of Service when processing a crafted CPF packet. Affected component is the OpENer EIP stack; the root cause is a buffer overflow in the Get_A...

7.5CVSS6AI score0.00351EPSS
Exploits0References2
nvd
nvd
added 2026/06/21 4:16 p.m.10 views

CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId...

6.9CVSS0.00102EPSS
Exploits0References1
osv
osv
added 2026/06/21 4:16 p.m.6 views

UBUNTU-CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/21 3:47 p.m.32 views

CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId...

6.9CVSS0.00102EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/21 3:47 p.m.10 views

CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId...

6.9CVSS5.9AI score0.00102EPSS
Exploits0References2
cve
cve
added 2026/06/21 3:47 p.m.22 views

CVE-2026-56405

The connected sources specify a vulnerability in libexpat up to version 2.8.2, caused by an integer overflow in getAttributeId. The CVE entry lists this as CVE-2026-56405 with a CVSS v3.1 base score of 6.9 (Medium) and a Local attack vector, requiring high attack complexity, no privileges, and no...

6.9CVSS5.9AI score0.00102EPSS
Exploits0References1Affected Software1
github
github
added 2026/05/21 9:30 p.m.15 views

Twig: Sandbox property and method bypass via object-destructuring assignment

Description The object-destructuring assignment syntax introduced in Twig 3.24.0 generates a call to CoreExtension::getAttribute with the $sandboxed argument hardcoded to false, regardless of whether a SandboxExtension is active. This permanently disables the sandbox's property and method policy...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2026/05/21 12:0 a.m.9 views

PT-2026-42691

Name of the Vulnerable Software and Affected Versions Twig versions 3.24.0 through 3.24.x Description The object-destructuring assignment syntax generates a call to the getAttribute function within CoreExtension where the $sandboxed argument is hardcoded to false. This occurs regardless of whethe...

8.7CVSS5.8AI score0.00354EPSS
Exploits0References15
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in ntfs-3g

A properly crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfsgetattributevalue, in NTFS-3G 2021.8.22...

7.8CVSS6.8AI score0.00456EPSS
Exploits0References2
osv
osv
added 2026/04/28 1:7 p.m.11 views

JLSEC-2026-282

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4getatt called from nc4getatttc and ncgetatttext and in uffdcleanup called from netCDFDataset::netCDFDataset and netCDFDataset::netCDFDataset...

7.8CVSS7.8AI score0.0035EPSS
Exploits0References12
euvd
euvd
added 2026/04/24 2:42 p.m.4 views

EUVD-2026-25505

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in smb2getea smb2getea reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length without verifying that the length of the name really is the size of t...

5.4AI score0.00415EPSS
Exploits0References4
nessus
nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : kernel-3.10.0-1160.53.1.el7 (AXSA:2022-2973:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2973:02 advisory. kernel: perfeventparseaddrfilter memory CVE-2020-25704 kernel: fuse: fusedogetattr calls makebadinode in inappropriate situations CVE-2020-36322...

6.7CVSS8AI score0.0044EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/12/08 12:0 a.m.8 views

PT-2025-49453

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel’s Network File System Daemon NFSD does not properly handle requests for new time deleg FATTR4 attributes introduced in newer NFS specifications. Specifically, NFSv4...

5.5AI score0.00519EPSS
Exploits4References387
osv
osv
added 2025/08/11 1:53 p.m.9 views

BIT-LIBPHP-2021-21704 Multiple vulnerabilities in Firebird client extension

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute, execute, fetch and others by returning invalid response data that is not...

5.9CVSS7.2AI score0.01724EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2024/09/13 12:0 a.m.11 views

PT-2024-37412

Name of the Vulnerable Software and Affected Versions: BT: Classic affected versions not specified Description: The issue concerns an SDP OOB access vulnerability in the get att search list function of BT Classic. Recommendations: At the moment, there is no information about a newer version that...

7.6CVSS6.2AI score0.0055EPSS
Exploits1References7
osv
osv
added 2023/03/16 9:15 p.m.4 views

CVE-2022-43604

An out-of-bounds write vulnerability exists in the GetAttributeList attributecountrequest functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially causing the server to crash or allow for remote cod...

9.8CVSS6.1AI score0.14372EPSS
Exploits1References2
Rows per page
Query Builder