Lucene search
K

68 matches found

OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53235

In the Linux kernel, the following vulnerability has been resolved: net: add pskbmaypull to skbgroreceivelist skbgroreceivelist calls skbpullskb, skbgrooffsetskb without first ensuring the data is in the linear area via pskbmaypull. When the skb arrives via napigrofrags, skbheadlen can be 0 all...

8.2CVSS5.7AI score0.00466EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52586

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer underflow occurs in the wc PKCS7 DecryptOri function when processing specially crafted Other Recipient Info. This leads to incorrect length handling...

5.3CVSS5.7AI score0.0019EPSS
Exploits0References9
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in ntfs-3g

A properly crafted NTFS image can lead to a out-of-bounds access vulnerability, caused by an unsanitized attribute length in ntfs inodelookupbyname, in NTFS-3G 2021.8.22...

7.8CVSS6.5AI score0.00418EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 4:5 p.m.49 views

CVE-2026-55203

HAProxy

9.1CVSS5.6AI score0.00321EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 8:20 p.m.6 views

GHSA-Q6M5-F73J-M9MC Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow

Impact Most apps will crash and some may perform incorrect buffer allocations in the Node.js Buffer API resulting in unexpected truncation or allocation. Workarounds No workarounds. Do not use these impacted Electron releases Fixed Versions 42.3.3 For more information If you have any questions or...

9.3CVSS5.8AI score0.00253EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: spmi: In the trace function, there was an issue where access to memory was out of bounds. This issue was fixed by using a length of “len” instead of “len + 1”. The functions tracespmiwritebegin and tracespmireadend both use memcp...

7.1CVSS6.1AI score0.00213EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a double-free of blocks due to incorrect movedlen values during extent movements. In ext4moveextents, movedlen is updated only when all movements are successfully executed. It also discards preallocations for originod...

7.8CVSS6.2AI score0.00266EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/sched: It is enforced that teql can only be used as a root qdisc. The design intent of teql is that it is only supposed to be used as a root qdisc. Therefore, we need to ensure this constraint is respected. Although not very...

7.8CVSS6.4AI score0.00134EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.6 views

PT-2026-33993

Name of the Vulnerable Software and Affected Versions Storable versions prior to 3.05 Description A stack overflow exists in the retrieve hook function. The issue occurs because the length of the class name is stored as a signed integer but is treated as unsigned during read operations, allowing ...

10CVSS5.2AI score0.00641EPSS
Exploits0References13
NVD
NVD
added 2026/04/17 6:16 p.m.10 views

CVE-2025-65104

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or...

7.9CVSS0.00185EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/13 11:16 p.m.6 views

CVE-2026-39979

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jvparsesized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jvstringfmt, which reads until a NUL terminat...

6.9CVSS5.9AI score0.00559EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/02 5:54 p.m.5 views

EUVD-2026-18466

The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts sizet vlen to uint8t when storing the Common Name CN length. An attacker who crafts a certificate with CN = victim's CN +...

5.9CVSS5.8AI score0.00162EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:43 p.m.1 views

CVE-2026-34831

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.2 views

PT-2026-29863

Name of the Vulnerable Software and Affected Versions leancrypto versions prior to 1.7.1 Description The leancrypto library, a cryptographic library focused on post-quantum cryptography, has an issue in the lc x509 extract name segment function. A cast from size t to uint8 t when handling the...

5.9CVSS5.8AI score0.00162EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/03/05 8:45 p.m.8 views

stellar-xdr's StringM::from_str bypasses max length validation

Impact StringM::fromstr does not validate that the input length is within the declared maximum MAX. Calling StringM::::fromstrs where s is longer than N bytes succeeds and returns an Ok value instead of ErrError::LengthExceedsMax, producing a StringM that violates its length invariant. This affec...

7.5CVSS6AI score0.00193EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/02/11 12:0 a.m.23 views

CVE-2025-70083

An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OSMAXPATHLEN. If the length of DirName i...

0.00199EPSS
Exploits0References5
OSV
OSV
added 2026/02/04 5:16 p.m.4 views

UBUNTU-CVE-2026-23074

In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will describe the scenario th...

8.5CVSS5.7AI score0.00134EPSS
Exploits0References44
OpenVAS
OpenVAS
added 2026/01/15 12:0 a.m.4 views

Ubuntu: Security Advisory (USN-7951-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.01525EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-71128

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize optionslen before referencing options. The struct iptunnelinfo has a...

5.5CVSS6.1AI score0.00124EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993287)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993287 advisory. In the Linux kernel, the following vulnerability has been resolved: spmi: trace: fix stack-out-of-bound access in SPMI tracing functions tracespmiwritebegin and...

7.1CVSS6AI score0.00213EPSS
Exploits0References4
Rows per page
Query Builder