CVE-2026-46433

CVE-2026-46433 affects lldpd (LLDP implementation). Prior to version 1.0.22, lldpd_decode() incorrectly shifts frame payload when removing 802.1Q VLAN tags, using a length calculation that causes a 4-byte heap OOB read if the frame size equals the interface MTU. This vulnerability is fixed in ver...

CVE-2026-43025 netfilter: ctnetlink: ignore explicit helper on new expectations

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ignore explicit helper on new expectations Use the existing master conntrack helper, anything else is not really supported and it just makes validation more complicated, so just ignore what helper userspace...

EUVD-2026-16335

A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

CVE-2026-30984

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence causing an application crash. This vulnerability is fixed in 2.3.1.5...

CVE-2025-12474

A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas...

Alibaba Cloud Linux 3 : 0178: libssh (ALINUX3-SA-2025:0178)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0178 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-5318: A flaw was found in the libssh libra...

Linux Distros Unpatched Vulnerability : CVE-2018-14544

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists one invalid memory read bug in AP4SampleDescription::GetFormat in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a...

Medium: krb5

Issue Overview: krb5: GSS message token handling CVE-2024-37370 In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. CVE-2024-37371 Affected Packages: krb5 Note: This advisory i...

OpenZeppelin 安全漏洞

OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts versions prior to 5.0.2 and prior to 4.9.6, which stems from the fact that the last iteration of the Base64.encode function can read portions of memory...

Important: thunderbird

Issue Overview: When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. CVE-2024-1546 Through a series of API calls and...

OESA-2024-1231 stb security update

Single-file public domain libraries for C/C++. Security Fixes: stbimage is a single file MIT licensed library for processing images. When stbisetflipverticallyonload is set to TRUE and reqcomp is set to a number that doesn’t match the real number of components per pixel, the library attempts to...

DEBIAN-CVE-2023-45662

stbimage is a single file MIT licensed library for processing images. When stbisetflipverticallyonload is set to TRUE and reqcomp is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger memc...

SUSE CVE-2009-2846

The eisaeepromread function in the parisc isa-eeprom component drivers/parisc/eisaeeprom.c in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read ...

PT-2023-6666 · Siemens · Solid Edge

Name of the Vulnerable Software and Affected Versions: Solid Edge SE2022 versions prior to V222.0MP12 Solid Edge SE2023 versions prior to V223.0Update2 Description: A vulnerability has been identified that involves an out of bounds read past the end of an allocated structure while parsing special...

OESA-2021-1204 exiv2 security update

Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats. Security Fixes: Exiv2 is a C++ library and a...

PT-2020-12510 · Freerdp +6 · Freerdp +6

Name of the Vulnerable Software and Affected Versions: FreeRDP versions 1.1 through 1.9 Description: The issue involves an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in version 2.0.0. Recommendations: For versions 1.1 through 1.9, updat...

CVE-2018-14545

There exists one invalid memory read bug in AP4SampleDescription::GetType in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts...

CVE-2018-14545

There exists one invalid memory read bug in AP4SampleDescription::GetType in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts...

CVE-2018-14545

There are concrete details for CVE-2018-14545: Bento4 version 1.5.1-624 contains an invalid memory read in AP4_SampleDescription::GetType() (Ap4SampleDescription.h) that can cause a denial-of-service when processing crafted MP4 files, with exploitation potentially triggered by the mp42ts executab...

CVE-2018-14544

CVE-2018-14544 concerns Bento4 1.5.1-624, where an invalid memory read in AP4_SampleDescription::GetFormat() can be triggered by crafted MP4 files (notably via mp42ts), leading to denial of service. The issue is documented across multiple feeds (NVD, OSV, CNVD, CVE list, Nessus/NASL notes) with c...