Lucene search
+L

329 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-54609

Malicious code in bioql PyPI...

7.1CVSS6AI score0.00261EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/09 7:14 a.m.6 views

Security Bulletin: Vulnerability in libxml2 library (CVE-2025-32414) affects Power HMC.

Summary The libxml2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-32414 DESCRIPTION: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings...

7.5CVSS6.8AI score0.00355EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/04 12:0 a.m.6 views

Amazon Linux 2 : LibRaw (ALAS-2025-2954)

The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2954 advisory. In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1...

9.8CVSS7AI score0.00368EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/02 10:3 p.m.10 views

CVE-2025-23277

NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful exploit of this vulnerability might lead to denial of service, data tampering, or information...

7.3CVSS0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/25 12:53 p.m.10 views

CVE-2025-38382 btrfs: fix iteration of extrefs during log replay

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix iteration of extrefs during log replay At inodeaddref when processing extrefs, if we jump into the next label we have an undefined value of victimname.len, since we haven't initialized it before we did the goto. This...

0.00156EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 1:28 p.m.5 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to out of bounds memory access due to the libssh2 package (CVE-2020-22218)

Summary libssh2 is used by DataStage on Cloud Pak for Data as part of secure communications. Vulnerability Details CVEID:CVE-2020-22218 DESCRIPTION: An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of bounds memory. CWE:CWE-787: Out-of-bounds...

7.5CVSS6.6AI score0.00914EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/19 6:58 p.m.12 views

CVE-2025-54070

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...

6.9CVSS6.9AI score0.00334EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/17 6:25 p.m.13 views

CVE-2025-54070 OpenZeppelin Contracts's Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...

6.9CVSS0.00334EPSS
Exploits0References2
OSV
OSV
added 2025/07/17 6:25 p.m.8 views

CVE-2025-54070 OpenZeppelin Contracts's Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...

6.9CVSS7AI score0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/07/17 12:0 a.m.10 views

PT-2025-29948 · Openzeppelin · Openzeppelin Contracts

Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 5.2.0 through 5.3.9 Description: The lastIndexOfbytes,byte,uint256 function within the Bytes.sol library may access uninitialized memory under specific conditions. This occurs when the provided buffer length is...

6.9CVSS6.7AI score0.00334EPSS
Exploits0References10
NVD
NVD
added 2025/07/14 6:15 p.m.6 views

CVE-2025-53014

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processi...

9.8CVSS0.00617EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/07/11 12:0 a.m.9 views

CBL Mariner 2.0 Security Update: libxml2 (CVE-2025-32414)

The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32414 advisory. - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API...

7.5CVSS6.8AI score0.00355EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/07/11 12:0 a.m.5 views

Azure Linux 3.0 Security Update: glibc (CVE-2023-4806)

The version of glibc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-4806 advisory. - A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function May access memor...

5.9CVSS6.6AI score0.01439EPSS
Exploits0References2
NVD
NVD
added 2025/07/10 9:15 a.m.8 views

CVE-2025-38340

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Fix OOB memory read access in KUnit test KASAN reported out of bounds access - csdspmockbinaddnameorinfo, because the source string length was rounded up to the allocation size...

7.1CVSS0.0014EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/07/10 8:15 a.m.8 views

CVE-2025-38340

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Fix OOB memory read access in KUnit test KASAN reported out of bounds access - csdspmockbinaddnameorinfo, because the source string length was rounded up to the allocation size...

7.1CVSS6AI score0.0014EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/07/10 8:15 a.m.9 views

CVE-2025-38330

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Fix OOB memory read access in KUnit test ctl cache KASAN reported out of bounds access - csdspctlcacheinitmultipleoffsets. The code uses mockcoefftemplate.lengthbytes 4 bytes for register value allocations. But...

7.1CVSS6.1AI score0.00145EPSS
Exploits0
OSV
OSV
added 2025/07/10 8:15 a.m.2 views

CVE-2025-38330 firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache)

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Fix OOB memory read access in KUnit test ctl cache KASAN reported out of bounds access - csdspctlcacheinitmultipleoffsets. The code uses mockcoefftemplate.lengthbytes 4 bytes for register value allocations. But...

7.1CVSS6.4AI score0.00145EPSS
Exploits0References5
CVE
CVE
added 2025/07/10 7:41 a.m.58 views

CVE-2025-38269

CVE-2025-38269 affects the Linux kernel, specifically the btrfs path. When exit after a state insertion failure occurs in btrfs_convert_extent_bit(), if insert_state() fails and CONFIG_BUG is disabled, the code falls through to cache_state() and dereferences the error pointer, causing an invalid ...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/08 4:30 p.m.3 views

CVE-2025-43580 Audition | Access of Memory Location After End of Buffer (CWE-788)

Audition versions 25.2, 24.6.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could result in application denial-of-service. An attacker could leverage this vulnerability to crash the application or disrupt its functionality. Exploitation of this...

5.5CVSS6.6AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2025/07/04 1:37 p.m.98 views

CVE-2025-38226

CVE-2025-38226 targets the Linux kernel, specifically the media/v4l2-tpg path used by vivid. The issue is a KASAN-detected vmalloc-out-of-bounds access in tpg_fill_plane_pattern and tpg_fill_plane_buffer (v4l2-tpg-core.c:2608 and 2705), causing a write of size 1440 to a kernel address during vivi...

7.8CVSS6.4AI score0.00157EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder