Lucene search
K

1673 matches found

NVD
NVD
added 2026/05/15 6:16 a.m.34 views

CVE-2026-43490

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smbinheritdacl walks the parent directory DACL loaded from the security descriptor xattr. It verifies that each ACE contains the fixed SID header before using it, but does not verify that...

8.8CVSS0.00408EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/15 5:15 a.m.21 views

CVE-2026-43490

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smbinheritdacl walks the parent directory DACL loaded from the security descriptor xattr. It verifies that each ACE contains the fixed SID header before using it, but does not verify that...

8.8CVSS6AI score0.00408EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: validate inherited ACE SID length smbinheritdacl walks the parent directory DACL loaded from the security descriptor xattr. It verifies that each ACE...

8.8CVSS7.3AI score0.00408EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.12 views

PT-2026-41267

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, the smb inherit dacl function fails to verify that the variable-length Security Identifier SID described by sid.num subauth is fully contained within the Access...

8.8CVSS6AI score0.00549EPSS
Exploits1References56
OSV
OSV
added 2026/05/14 3:5 p.m.6 views

OPENSUSE-SU-2026:20752-1 Security update for alloy

This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v2: improper validation of field length allows a malicious PostgreSQL server to crash a client application via a DataRow message bsc1259919. - CVE-2026-25934: github.com/go-git/go-git/v5:...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/05/14 12:9 p.m.9 views

gimp: GIMP: Remote Code Execution via PSP file parsing

A flaw was found in GIMP. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PSP PaintShop Pro file. This flaw is caused by a heap-based buffer overflow, where the application does not properly validate the length of user-supplied data. Successful...

7.8CVSS7.7AI score0.00651EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.9 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-base (UTSA-2026-021406)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021406 advisory. GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affect...

8.8CVSS7.8AI score0.00828EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: netty (UTSA-2026-017768)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017768 advisory. Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. I...

5.9CVSS6.8AI score0.18891EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-016789)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016789 advisory. A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform pat...

3.7CVSS5.8AI score0.0037EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 3:16 p.m.8 views

UBUNTU-CVE-2026-43387

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: properly validate the data in rtwgetieex Just like in commit 154828bf9559 "staging: rtl8723bs: fix out-of-bounds read in rtwgetie parser", we don't trust the data in the frame so we should check the length...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References11
NVD
NVD
added 2026/05/08 2:16 p.m.13 views

CVE-2026-43304

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPHMAXKEYLEN When decoding the key, verify that the key material would fit into a fixed-size buffer in processauthdone and generally has a sane length. The new CEPHMAXKEYLEN check replaces the existin...

9.8CVSS0.00502EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from insufficient validation of the data length in the rtwgetieex function, potentially leading to...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

Code-Projects Simple Chat System 注入漏洞

Code-Projects Simple Chat System is an easy-to-use chat system developed by Code-Projects as open source. Version 1.0 of Code-Projects Simple Chat System has a SQL injection vulnerability, which arises from the validations of the parameters type/length/business in the sendMessage.php file,...

6.5CVSS6.7AI score0.0025EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/07 2:21 a.m.16 views

SUSE CVE-2026-31748

In the Linux kernel, the following vulnerability has been resolved: comedi: medaq: Fix potential overrun of firmware buffer me2600xilinxdownload loads the firmware that was requested by requestfirmware. It is possible for it to overrun the source buffer because it blindly trusts the file format. ...

5.7AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:21 a.m.16 views

SUSE CVE-2026-31752

In the Linux kernel, the following vulnerability has been resolved: bridge: brndsend: validate ND option lengths brndsend walks ND options according to option-provided lengths. A malformed option can make the parser advance beyond the computed option span or use a too-short source LLADDR option...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References11
OSV
OSV
added 2026/05/07 12:12 a.m.11 views

GHSA-CM33-6792-R9FM Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)

Security Vulnerability Report: DNS Codec Input Validation Bypass in Netty Encoder + Decoder 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions with codec-dns | | Component | io.netty.handler.codec.dns.DnsCodecUtil | |...

7.5CVSS5.8AI score0.00818EPSS
Exploits1References5
NVD
NVD
added 2026/05/06 12:16 p.m.29 views

CVE-2026-43266

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't go past the ARM processor CPER record buffer There's a logic inside GHES/CPER to detect if the sectionlength is too small, but it doesn't detect if it is too big. Currently, if the firmware receives an ARM process...

5.5CVSS0.00119EPSS
Exploits0References8
NVD
NVD
added 2026/05/06 12:16 p.m.37 views

CVE-2026-43254

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - fix packet extraction from stream When processing TCP stream data in ovpntcprecv, we receive large cloned skbs from strprcv that may contain multiple coalesced packets. The current implementation has two bugs: 1. Head...

7.5CVSS0.00451EPSS
Exploits0References3
CVE
CVE
added 2026/05/06 11:28 a.m.25 views

CVE-2026-43266

The CVE-2026-43266 issue affects the Linux kernel’s ARM CPER/APEI handling: a CPER record with an oversized section_length can cause the kernel to read beyond the intended firmware buffer, leading to a large data dump and potential memory access issues. The fix adds a guard so the kernel stops at...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/05/06 11:28 a.m.45 views

CVE-2026-43266 EFI/CPER: don't go past the ARM processor CPER record buffer

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't go past the ARM processor CPER record buffer There's a logic inside GHES/CPER to detect if the sectionlength is too small, but it doesn't detect if it is too big. Currently, if the firmware receives an ARM process...

0.00119EPSS
Exploits0References8
Rows per page
Query Builder