Lucene search
K

247 matches found

OSV
OSV
added 2026/04/20 6:28 p.m.3 views

OPENSUSE-SU-2026:20589-1 Security update for tor

This update for tor fixes the following issues: Changes in tor: - update to 0.4.8.23: Fix a memory compare using the wrong length. This could lead to a remote crash when using the conflux subsystem TROVE-2026-004, boo1262302 Fix a series of defense in depth security issues found across the codeba...

5.8AI score
Exploits0References2
NVD
NVD
added 2026/04/18 12:16 a.m.4 views

CVE-2026-40336

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c lines 884–885. When processing a secondary enumeration list introduced in 2024+ Sony cameras, the function overwrites dpd-FORM.Enum.SupportedVal...

2.4CVSS0.00181EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.9 views

PT-2026-49605

Name of the Vulnerable Software and Affected Versions Squid versions prior to 7.6 Description A memory leak issue known as Squidbleed exists in the Squid web proxy. The flaw originates from a 1997 code change in the FTP directory-listing parser, where a misunderstanding of how the strchr function...

6.8CVSS6.7AI score
Exploits1References76
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007246)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007246 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Add histograms to histvars if they have referenced variables Hist triggers ca...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/13 10:5 a.m.3 views

firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the CSS Parsing and Computation component...

9.8CVSS7.2AI score0.00483EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-5735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough...

9.8CVSS6AI score0.00257EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 12:43 p.m.7 views

CVE-2026-5734

Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was...

9.8CVSS5.9AI score0.00329EPSS
Exploits0References6
OSV
OSV
added 2026/03/25 9:58 a.m.5 views

SUSE-SU-2026:20932-1 Security update for ffmpeg-7

This update for ffmpeg-7 fixes the following issues: - Updated to version 7.1.2: avcodec/librsvgdec: fix compilation with librsvg 2.50.3 libavfilter/affirequalizer: Add check for avmallocarray avcodec/libsvtav1: unbreak build with latest svtav1 avformat/hls: Fix Youtube AAC Various bugfixes...

5.3CVSS5.9AI score0.00342EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 1:34 a.m.9 views

CVE-2026-4441

Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

5.8AI score0.00317EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/13 1:15 p.m.6 views

SUSE CVE-2026-32259

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and...

6.7CVSS6AI score0.00096EPSS
Exploits0References7
OSV
OSV
added 2026/03/09 9:18 a.m.17 views

CLSA-2026-1773047921 kernel: Fix of 70 CVEs

wifi: iwlwifi: mvm: guard against invalid STA ID on removal CVE-2024-36921 - ASoC: topology: Fix references to freed memory CVE-2024-41069 - net/sched: actmirred: don't override retval if we already lost the skb CVE-2024-26739 - drivers: base: Free devm resources when unregistering a device...

8CVSS6.9AI score0.00618EPSS
Exploits9References1
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.6 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : NSS vulnerability (USN-8071-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8071-1 advisory. It was discovered that NSS incorrectly handled memory when performing certain GHASH operations. A remote attacker could use this issue to caus...

9.8CVSS6AI score0.0036EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.8 views

RHEL 8 : kernel (RHSA-2026:3360)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3360 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: RDMA/core: Fix KASAN:...

7.8CVSS6.6AI score0.00517EPSS
Exploits3References38
OSV
OSV
added 2026/03/01 4:35 p.m.4 views

SUSE-SU-2026:0731-1 Security update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.124 fixes various security issues The following security issues were fixed: - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer bsc1255577. - CVE-2023-54142: gtp: Fix use-after-free in gtpencapdestroy bsc1256097. -...

7.8CVSS6.1AI score0.00195EPSS
Exploits0References7
OSV
OSV
added 2026/02/28 12:46 p.m.6 views

OESA-2026-1471 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

10CVSS6.3AI score0.00604EPSS
Exploits0References39
SUSE CVE
SUSE CVE
added 2026/02/28 12:24 a.m.5 views

SUSE CVE-2026-25997

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfclipboardformatequal reads freed lastSentFormats memory because xfclipboardformatsfree called from the cliprdr channel thread during auto-reconnect frees the array while the X11 event thread concurrently...

5.3CVSS5.8AI score0.00567EPSS
Exploits1References11
Snyk
Snyk
added 2026/02/24 1:48 a.m.5 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in msl.c. An attacker can cause memory exhaustion and disrupt service availability by submitting malicious image files. Remediation A fix was pushed into the master branch but not yet...

7.5CVSS5.7AI score0.00438EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/02/17 12:33 p.m.11 views

Update Chrome now: Zero-day bug allows code execution via malicious webpages

Google has issued a patch for a high‑severity Chrome zero‑day, tracked as CVE‑2026‑2441, a memory bug in how the browser handles certain font features that attackers are already exploiting. CVE-2026-2441 has the questionable honor of being the first Chrome zero-day of 2026. Google considered it...

8.8CVSS6.3AI score0.2202EPSS
Exploits12
OSV
OSV
added 2026/02/12 10:11 p.m.6 views

GHSA-XX7M-69FF-9CRP SurrealDB vulnerable to Denial of Service through scripting function memory edge case

In SurrealDB instances with the scripting capability enabled --allow-scripting, users with the ability to run arbitrary queries can trigger a server crash due to a memory-safety bug in the underlying JS engine. The SurrealDB instance terminates instantly, requiring a manual restart. The query...

6CVSS6.1AI score
Exploits0References6
OSV
OSV
added 2026/02/10 12:0 a.m.7 views

ALSA-2026:2378 Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it CVE-2025-38403 kernel: net: use dstdevrcu in sksetupcaps...

7.8CVSS5.5AI score0.0071EPSS
Exploits0References18
Rows per page
Query Builder