CVE-2026-55200 libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on packetlength field. Remote attackers can send crafted SSH packets with excessively large packetlength values to corrupt heap memory and achieve...

CVE-2026-42485

AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The senddiagnosticrequest function in uds.c allocates a 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 but copies up to 7 bytes MAXUDSREQUESTPAYLOADLENGTH=7 via memcpy at an offset of 1+pidlength 2-3 bytes,...

CVE-2026-37536

miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a 2016-10-05 contains a stack buffer overflow in senddiagnosticrequest. A 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 receives memcpy at offset 1+pidlength with payloadlength bytes. MAXUDSREQUESTPAYLOADLENGTH=7, so 1+2+7=10 exceeds...

GIMP 安全漏洞

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability that stems from the lack of verification of the data length provided to users during the parsing of ICNS files. This vulnerability may lead to heap buffer overflows and remote code execution...

TOTOLINK T6 缓冲区错误漏洞

TOTOLINK T6 is a wireless dual-band router from China Gion Electronics TOTOLINK.TOTOLINK T6 version V4.1.9cu.5179B20201015 is vulnerable to a stack overflow vulnerability, which originates from the desc, week, sTime, eTime parameters in the FUN004133c4 function for The input data is not checked f...

CVE-2021-31346

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303, PLUSCONTROL 1st Gen All versions, SIMOTICS CONNECT 400 All versions V0.5.0.0, SIMOTICS CONNECT 400 All versions V1.0.0.0. The total length of an ICMP...

PT-2021-6895 · Mentor Graphics +1 · Nucleus Net +9

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions prior to V2303 Capital Embedded AR Classic R20-11 versions prior to V2303 PLUSCONTROL 1st Gen versions prior to the fixed version SIMOTICS CONNECT 400 versions prior to V0.5.0.0 SIMOTICS CONNECT 40...

Siemens Nucleus 安全漏洞

Siemens Nucleus ReadyStart is a bundled solution from Siemens Germany. It is used to accelerate the fast start-up of complete systems and provides a rich board-level support package Bsp. A security vulnerability exists in Siemens Nucleus ReadyStart, which stems from the total length of the UDP...

PT-2021-6894 · Mentor Graphics +1 · Nucleus Net +10

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions prior to V2303 Capital Embedded AR Classic R20-11 versions prior to V2303 PLUSCONTROL 1st Gen versions prior to the fixed version SIMOTICS CONNECT 400 versions prior to V0.5.0.0 SIMOTICS CONNECT 40...

Siemens Nucleus 安全漏洞

Capital VSTAR is a complete solution. the Nucleus NET module integrates a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. the Nucleus RTOS is a microkernel-based real-time operating...

nss: Check length of inputs for cryptographic primitives

A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. The highest threat is to confidentiality and integrity of data as well as system availability...

Buffer Overflow Vulnerability in Project64 Software

Project64 is a software application for the pc platform. A buffer overflow vulnerability exists in the Project64 software. By failing to check the length of input data at the plug-in field, an attacker can exploit the vulnerability to execute arbitrary code within the context of the application...

wireshark: NFS dissector crash (wnpa-sec-2014-01)

The nfsnamesnoopaddname function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service memory corruption and application crash via a crafte...