Lucene search
K

595 matches found

NVD
NVD
added 2026/05/06 12:16 p.m.14 views

CVE-2026-43210

In the Linux kernel, the following vulnerability has been resolved: tracing: ring-buffer: Fix to check event length before using Check the event length before adding it for accessing next index in rbreaddatabuffer. Since this function is used for validating possibly broken ring buffers, the lengt...

5.5CVSS0.00127EPSS
Exploits0References4
CVE
CVE
added 2026/05/06 11:28 a.m.13 views

CVE-2026-43210

The CVE-2026-43210 entry concerns the Linux kernel tracing ring-buffer subsystem. The root cause is inadequate validation of event length in rb_read_data_buffer(), which can cause an invalid memory access if an event’s length is corrupted, potentially at boot time. The published fix is to check t...

5.5CVSS5.7AI score0.00127EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 4:50 p.m.4 views

CVE-2026-25589 RedisBloom RESTORE invalid memory access may allow remote code execution

RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

7.7CVSS6.2AI score0.01331EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/05 4:48 p.m.5 views

CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution

RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

7.7CVSS6.2AI score0.01029EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/05 4:48 p.m.41 views

CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution

RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

7.7CVSS0.01029EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/05 4:44 p.m.5 views

CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

7.7CVSS6.2AI score0.02995EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/05 4:44 p.m.5 views

CVE-2026-25243

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

8.8CVSS6.2AI score0.02995EPSS
Exploits0References19
Cvelist
Cvelist
added 2026/05/05 4:44 p.m.40 views

CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

7.7CVSS0.02995EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

RedisTimeSeries 安全漏洞

RedisTimeSeries is an open-source time series data structure for Redis. Versions of RedisTimeSeries prior to 1.12.14 have a security vulnerability. This vulnerability stems from the module not properly verifying the serialized values processed via the Redis RESTORE command. Authorized attackers c...

8.8CVSS6.2AI score0.01029EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013100)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013100 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: croseckeyb - fix an invalid memory access If croseckeybregistermatrix isn't called due to...

5.7AI score0.00167EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011347)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011347 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: croseckeyb - fix an invalid memory access If croseckeybregistermatrix isn't called due to...

5.8AI score0.00167EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007461)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007461 advisory. In the Linux kernel, the following vulnerability has been resolved: staging: vt6655: fix some erroneous memory clean-up loops In some initialization functions of thi...

5.5CVSS5.8AI score0.0019EPSS
Exploits0References4
NVD
NVD
added 2026/02/18 4:22 p.m.4 views

CVE-2025-71231

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in findemptyiaacompressionmode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empty compression mode can b...

7.1CVSS0.00117EPSS
Exploits0References4
CNVD
CNVD
added 2026/02/05 12:0 a.m.4 views

Google SentencePiece Buffer Overflow Vulnerability

Google SentencePiece is an unsupervised text splitter for neural network-based text generation from Google USA. Google SentencePiece suffers from a buffer overflow vulnerability that stems from an invalid memory access when using a vulnerable model file created by an unusual training process. No...

8.5CVSS6AI score0.00163EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/01/30 12:27 a.m.5 views

SUSE CVE-2025-69420

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

5.3CVSS5.9AI score0.00768EPSS
Exploits1References23
Cvelist
Cvelist
added 2026/01/27 4:1 p.m.31 views

CVE-2026-22796 ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...

0.00502EPSS
Exploits1References6
EUVD
EUVD
added 2026/01/27 4:1 p.m.7 views

EUVD-2025-206394

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

7.5CVSS5.9AI score0.00768EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/22 8:59 p.m.11 views

CVE-2026-1260

A flaw was found in Sentencepiece. This flaw involves invalid memory access when the software processes a specially crafted, vulnerable model file. A local attacker could exploit this by tricking a user into loading such a file. Successful exploitation could lead to a denial of service, informati...

8.5CVSS5.7AI score0.00163EPSS
Exploits0References4
OSV
OSV
added 2026/01/22 6:30 p.m.2 views

GHSA-38VQ-G6VR-W8WF Sentencepiece has a a heap overflow issue

Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure...

8.5CVSS5.9AI score0.00163EPSS
Exploits0References4
NVD
NVD
added 2026/01/22 5:16 p.m.7 views

CVE-2026-1260

Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure...

8.5CVSS0.00163EPSS
Exploits0References6
Rows per page
Query Builder