Lucene search
K

600 matches found

CloudLinux
CloudLinux
added 2026/04/25 8:51 a.m.10 views

busybox: Fix of 4 CVEs

CVE-2018-1000517: fix heap buffer overflow in wget chunked decoding - CVE-2017-16544: reject terminal control sequences in shell tab completion - CVE-2018-20679: reject zero-length DHCP options and validate 4-byte option lengths - CVE-2019-5747: validate DHCPSUBNET option length before decoding...

9.8CVSS6.7AI score0.32919EPSS
Exploits14
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.8 views

PT-2026-35139

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In openvswitch, the validate set function accepted OVS KEY ATTR MPLS as a variable-sized payload for SET and SET MASKED actions. However, action handling expects fixed-size MPLS key data...

7.1CVSS5.8AI score0.00117EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:44 p.m.7 views

CVE-2026-31641

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix RxGK token loading to check bounds rxrpcpreparsexdryfsrxgk reads the raw key length and ticket length from the XDR token as u32 values and passes each through roundupx, 4 before using the rounded value for validation a...

5.7AI score0.00143EPSS
Exploits0References4Affected Software1
Ubuntu
Ubuntu
added 2026/04/23 4:5 p.m.10 views

USN-8206-1: OpenMPT vulnerability

Antonio Morales Maldonado discovered that OpenMPT did not properly limit the length of strings in certain cases, leading to a buffer overflow. An attacker could possibly use this issue to cause OpenMPT to crash, resulting in a denial of service...

9.8CVSS6AI score0.02701EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.3.0 contained a security vulnerability. This vulnerability stemmed from a panic being triggered by HistoryTreeProof::verify in the nimiq-transaction when processing proofs with incorrect formats...

6.5CVSS5.8AI score0.00318EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013738)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013738 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fix OoB access in IP checksum code for negative lengths Although commit c2c24edb1d9c...

5.9AI score0.00187EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/21 5:47 p.m.11 views

GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser

A flaw was found in GStreamer. A remote attacker can exploit a heap-based buffer overflow vulnerability in the GStreamer JPEG parser by providing a specially crafted JPEG file. This issue is caused by improper validation of Huffman table lengths, which can lead to arbitrary code execution in the...

7.8CVSS8AI score0.00787EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011146)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011146 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fix OoB access in IP checksum code for negative lengths Although commit c2c24edb1d9c...

6.1AI score0.00187EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/20 3:31 a.m.5 views

GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser

A flaw was found in GStreamer. A remote attacker can exploit a heap-based buffer overflow vulnerability in the GStreamer JPEG parser by providing a specially crafted JPEG file. This issue is caused by improper validation of Huffman table lengths, which can lead to arbitrary code execution in the...

7.8CVSS8AI score0.00787EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/17 5:47 p.m.8 views

EUVD-2025-209528

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or...

7.9CVSS5.8AI score0.00185EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.14 views

Firebird 安全漏洞

Firebird is a set of open-source, cross-platform relational database management systems provided by the Firebird Foundation, offering multiple ANSI SQL-92 features. Vulnerabilities exist in versions prior to Firebird 5.0.4, 4.0.7, and 3.0.14. These vulnerabilities stem from the lack of validation...

7.5CVSS5.8AI score0.00466EPSS
Exploits1References1
OSV
OSV
added 2026/04/16 10:52 p.m.7 views

GHSA-3G92-F9CH-QJCM Plonky3: The sponge construction used to get a hash function from a cryptographic permutation is not collision resistant for inputs of different lengths

Vulnerability Currently, when hashing, if the number of elements to hash is not a multiple of the rate, hashiter pads by elements of the current state. This means that it is possible to create iterators of different lengths which lead to an identical hashed state. Given a simple example using a...

6.3CVSS5.8AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/16 10:4 p.m.4 views

CVE-2026-40253

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

6.8CVSS6.1AI score0.0016EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/04/16 1:30 a.m.11 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the MakeTable in the decompression routine when bit-length values from a crafted firmware blob exceed the expected range, leading to stack memory corruption in the Count array and related decode tables. An...

8.8CVSS5.5AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/16 1:30 a.m.15 views

UEFI Firmware Parser has a stack out-of-bounds write in tiano decompressor MakeTable

uefi-firmware contains a stack out-of-bounds write vulnerability in the native tiano/EFI decompressor. in uefifirmware/compression/Tiano/Decompress.c, MakeTable does not validate that bit-length values read from the compressed bitstream are within the expected range 0..16. a crafted firmware blob...

7.8CVSS6.1AI score0.00396EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/15 2:7 p.m.4 views

thunderbird: Out of bounds read in IMAP parsing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...

8.2CVSS5.8AI score0.0036EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/15 10:57 a.m.8 views

thunderbird: Out of bounds read in IMAP parsing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...

8.2CVSS7.2AI score0.0036EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/15 10:54 a.m.5 views

thunderbird: Out of bounds read in IMAP parsing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...

8.2CVSS7.2AI score0.0036EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/15 10:48 a.m.5 views

thunderbird: Out of bounds read in IMAP parsing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...

8.2CVSS7.2AI score0.0036EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/15 10:42 a.m.6 views

thunderbird: Out of bounds read in IMAP parsing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...

8.2CVSS7.2AI score0.0036EPSS
Exploits0References5
Rows per page
Query Builder