Lucene search
+L

402 matches found

EUVD
EUVD
added 2026/04/09 2:41 p.m.3 views

EUVD-2026-20897

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

5.1CVSS6AI score0.00195EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/09 2:41 p.m.32 views

CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

5.1CVSS0.00195EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/04/09 12:35 p.m.3 views

ruby: Arbitrary memory address read vulnerability with Regex search

A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...

6.6CVSS6.7AI score0.00629EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.9 views

Orthanc 安全漏洞

Orthanc is a free open-source software developed by the Orthanc company. Orthanc has a security vulnerability, which stems from an out-of-bounds read in the DecodePsmctRle1 function. This vulnerability may allow the decoder to read data beyond the allocated memory area, potentially exposing heap...

7.1CVSS5.8AI score0.00136EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-5445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability exists in the DecodeLookupTable function within DicomImageDecoder.cpp. The lookup-table decoding logic used for PALETTE COLO...

9.1CVSS7.3AI score0.00666EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:44 p.m.10 views

CVE-2026-35444

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/06 9:22 a.m.5 views

CVE-2026-5673

A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI Audio Video Interleave parser, specifically in the aviparseinputfile function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a...

7.1CVSS5.2AI score0.00178EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.7 views

CVE-2023-7340

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the...

5.3CVSS6AI score0.00317EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/27 6:31 p.m.5 views

EUVD-2023-60542

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the...

5.3CVSS6AI score0.00317EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/27 3:52 p.m.7 views

CVE-2023-7340

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the...

5.3CVSS6AI score0.00317EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/01 12:0 a.m.10 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005379)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005379 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containin...

5.8CVSS6AI score0.02286EPSS
Exploits1References3
Snyk
Snyk
added 2026/02/24 3:27 p.m.2 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the PSD format handler when processing a specially crafted file containing ZIP-compressed layer data that decompresses to less than the expected size. An attacker can obtain sensitive information from uninitialize...

8.7CVSS5.9AI score0.00348EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : php-5.4.16-48.0.5.el7.AXS7 (AXSA:2025-9709:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9709:01 advisory. CVE-2024-8929: fix various heap buffer over-reads CVEs: CVE-2024-8929 In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile...

5.8CVSS6AI score0.02286EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:17 a.m.12 views

CVE-2021-0484

In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...

5.5CVSS6.1AI score0.00133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:16 a.m.9 views

CVE-2021-0435

In avrcprocvendorcommand of avrcapi.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8....

7.5CVSS6.5AI score0.01712EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:54 a.m.7 views

CVE-2025-20760

In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...

7.5CVSS6.8AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/06 1:46 a.m.30 views

CVE-2025-20760

In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...

0.00257EPSS
Exploits0References1
CVE
CVE
added 2026/01/06 1:46 a.m.15 views

CVE-2025-20760

CVE-2025-20760 concerns a vulnerability in Modem where an uncaught exception allows reading uninitialized heap data, enabling remote denial of service when a UE connects to a rogue base station. Exploitation requires no user interaction, and no privileges beyond network access are needed (attack ...

6.5CVSS6.4AI score0.00257EPSS
Exploits0References1Affected Software3
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.4 views

MediaTek chipsets 安全漏洞

MediaTek Chipsets is a line of chipsets from China's MediaTek Corporation MediaTek. A security vulnerability exists in MediaTek chipsets that stems from an uncaught exception leading to the reading of uninitialized heap data, which could lead to a remote denial of service...

6.5CVSS6.7AI score0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.8 views

PT-2026-1365

Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description A flaw exists in Modem that may lead to a remote denial of service. This issue stems from a read of uninitialized heap data caused by an uncaught exception. An attacker can exploit this by havi...

7.5CVSS6.6AI score0.00257EPSS
Exploits0References5
Rows per page
Query Builder