Lucene search
K

545 matches found

Github Security Blog
Github Security Blog
added 2026/06/25 10:14 p.m.8 views

golang.org/x/crypto: Invoking byte arithmetic causes underflow and panic

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS6AI score0.00359EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/25 10:14 p.m.3 views

GHSA-Q4H4-GMJ2-QVW2 golang.org/x/crypto: Invoking byte arithmetic causes underflow and panic

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS6AI score0.00359EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 10:14 p.m.11 views

EUVD-2026-31388

golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 8:39 a.m.8 views

EUVD-2026-39209

In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6 GHz scanning fails rdev-intscanreq is leaked if cfg80211scan fails. Note that it's supposed to be released at cfg80211scandone but this doesn't happen as rdev-scanreq is NULL at that point, too, leading ...

5.7AI score0.00117EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 5:17 p.m.7 views

CVE-2026-52948

In the Linux kernel, the following vulnerability has been resolved: i2c: dev: prevent integer overflow in I2CTIMEOUT ioctl While fuzzing with Syzkaller, a persistent scheduletimeout: wrong timeout value warning was observed, accompanied by SMBus controller state machine corruption. The I2CTIMEOUT...

0.00185EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: svs: Fixed a memory leak in svsenabledebugWrite. In svsenableDebugWrite, the buffer allocated by memdupusernul may be leaked if kstrtoint fails. This issue was addressed by using freekfree to automatically free the...

5.5CVSS6AI score0.00156EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 6:26 a.m.13 views

EUVD-2026-37039

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using tcfpoffmaxhint, but the hint does not account for the runtime header offset...

5.5AI score0.00321EPSS
Exploits11References1
EUVD
EUVD
added 2026/06/09 4:2 p.m.16 views

EUVD-2026-35473

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...

7.5CVSS5.4AI score0.00449EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.9 views

CVE-2026-46597

A flaw was found in golang.org/x/crypto/ssh. A remote attacker could send specially crafted inputs to the AES-GCM packet decoder. This could lead to an incorrectly placed cast from bytes to an integer, causing a server-side panic and resulting in a Denial of Service DoS for the affected system...

7.5CVSS5.9AI score0.00359EPSS
Exploits0References7
CVE
CVE
added 2026/06/02 2:16 p.m.40 views

CVE-2026-10046

Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write in the BIOS INT 0x15 / E820 memory map handler (napoca/guests/bios_handlers.c). The handler derives a destination offset into the guest RealModeMemory from guest-controlled ES and EDI without validating the address against t...

8.5CVSS5.8AI score0.00118EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.24 views

PT-2026-45766

Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios handlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI...

8.5CVSS5.8AI score0.00118EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-44341

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bounds checking issue exists in the Linux kernel DRM AMD GPU driver. The uvd, vce, and vcn components access the Indirect Buffer IB at predefined offsets without verifying if the IB is...

9.8CVSS5.8AI score0.03663EPSS
Exploits17References284
NVD
NVD
added 2026/05/27 2:17 p.m.13 views

CVE-2026-45987

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...

5.5CVSS0.00123EPSS
Exploits0References8
CVE
CVE
added 2026/05/27 12:55 p.m.35 views

CVE-2026-45987

Technical details about CVE-2026-45987 are not publicly provided in the connected documents. No explicit affected products, root cause, or fixes are present beyond generic patch notes; monitor for updates.

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability stems from the svsenable DebugWrite function in the mediatek SVS driver, which fails when the...

5.9AI score0.00156EPSS
Exploits0References6
OSV
OSV
added 2026/05/26 5:16 p.m.6 views

DEBIAN-CVE-2026-48690

FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the allocatebuffer function computes memorysizeinbytes as 'buffersizeinpackets maxcapturedpacketsize + sizeoffastnetmonpcappkthdrt +...

7.1CVSS6AI score0.00116EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/26 12:27 p.m.17 views

Malicious Package

Overview int-node is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 12:27 p.m.21 views

Malicious code in int-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 369f6932b06597ffc51269a3c2634d158a10270a5c79eb9e4842818e8570c544 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 12:0 a.m.10 views

CVE-2026-48690

FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the allocatebuffer function computes memorysizeinbytes as 'buffersizeinpackets maxcapturedpacketsize + sizeoffastnetmonpcappkthdrt +...

6AI score0.00116EPSS
Exploits0References3
OSV
OSV
added 2026/05/22 4:16 a.m.8 views

UBUNTU-CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References6
Rows per page
Query Builder