Lucene search
K

49 matches found

OSV
OSV
added 6 days ago3 views

DEBIAN-CVE-2026-13923

Uninitialized Use in GPU in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00326EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 7:53 p.m.33 views

CVE-2026-12891 Gstreamer1-plugins-bad: gstreamer1-plugins-bad: global buffer overflow (oob read) in h.266/vvc vui parameter parser

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...

4.3CVSS0.00276EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

SUSE SLES12 Security Update : amazon-ssm-agent (SUSE-SU-2026:2468-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2468-1 advisory. This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh...

10CVSS7AI score0.00868EPSS
Exploits3References52
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Fixed the issue where the sevreceivestart command failed due to the absence of the sevdecommission command. The current SEV context must be decommissioned if binding an ASID fails after a RECEIVESTART operation. Accordi...

5.1CVSS5.3AI score0.00213EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-12015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially...

5.3CVSS5.4AI score0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 2:35 p.m.8 views

EUVD-2026-36053

Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...

8.8CVSS5.6AI score0.00497EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6575

A flaw was found in PostgreSQL. This buffer over-read vulnerability in the pgrestoreattributestats function allows a table maintainer to infer memory values. By providing array values of unmatched length, a malicious table maintainer can cause query planning to read past the end of an array,...

4.3CVSS5.6AI score0.00208EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.32 views

SUSE CVE-2026-46155

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

7CVSS5.8AI score0.00478EPSS
Exploits0References4
CVE
CVE
added 2026/05/28 10:25 p.m.34 views

CVE-2026-10008

CVE-2026-10008 concerns an uninitialized use flaw in the GPU component of the Chromium-based Google Chrome on Android. The issue allows a remote attacker to potentially read sensitive information from a process’s memory via a crafted HTML page. The public description cites the root cause as an un...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/19 9:16 p.m.10 views

DEBIAN-CVE-2026-32814

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...

6.5CVSS5.7AI score0.00303EPSS
Exploits0References1
CNVD
CNVD
added 2026/05/06 12:0 a.m.12 views

Ollama GGUF Model Loader Heap Out-of-Bounds Read Vulnerability

Ollama is an open source large language model deployment and inference tool, mainly providing model loading, quantization and API interface services. The Ollama GGUF model loader suffers from a heap out-of-bounds read vulnerability that stems from the /api/create interface failing to properly...

9.1CVSS5.8AI score0.01001EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-5885

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive...

6.5CVSS7.3AI score0.00237EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/06 9:16 a.m.3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the aviparseinputfile process. An attacker can cause application crashes or leak sensitive information from memory by convincing a user to open a specially crafted AVI file containing a truncated header sub-chunk...

7.1CVSS5.8AI score0.00178EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/04/01 9:40 a.m.9 views

thunderbird: Out of bounds read in IMAP parsing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...

8.2CVSS7.1AI score0.0036EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/18 6:58 p.m.4 views

EUVD-2026-12936

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...

6.9CVSS6AI score0.00518EPSS
Exploits0References4
RustSec
RustSec
added 2026/03/17 12:0 p.m.8 views

Decompressing invalid data can leak information from uninitialized memory or reused output buffer

Decompressing invalid LZ4 data with the block API can leak data from uninitialized memory, or leak content from previous decompression operations when reusing an output buffer. The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from a...

8.2CVSS5.9AI score0.00608EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/03/10 5:50 p.m.10 views

EUVD-2026-10724

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccPcsXform::pushXYZConvert causing crash and potentially leaking memory contents. This vulnerability is fixed in 2.3.1.5...

6.1CVSS5.8AI score0.0015EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/10 5:50 p.m.3 views

CVE-2026-30982 iccDEV has a heap out-of-bounds read in CIccPcsXform::pushXYZConvert()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccPcsXform::pushXYZConvert causing crash and potentially leaking memory contents. This vulnerability is fixed in 2.3.1.5...

6.1CVSS5.8AI score0.0015EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.10 views

Linux Kernel Security Vulnerabilities

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the smb3reconfigure function not releasing the password buffer when it fails, potentially leading...

5.5CVSS6.2AI score0.00114EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/12/09 12:0 a.m.7 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-1304)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1304 advisory. containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad...

7.8CVSS6.5AI score0.00162EPSS
Exploits1References6
Rows per page
Query Builder