UBUNTU-CVE-2026-4426

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...

CVE-2026-27799

A flaw was found in ImageMagick, a software suite used for editing and manipulating digital images. This vulnerability, a heap buffer over-read, exists within the component that handles DJVU image files. A local attacker could exploit this by processing a specially crafted DJVU image, leading to ...

IBM Db2 Resource Management Error Vulnerability (CNVD-2026-13789)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a Resource Management Error vulnerability that originates from a misallocation of...

IBM Cloud Pak for Business Automation Misallocation of Ownership Vulnerability

IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. An...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the misallocation of struct fbinfo.dev, which could lead to an incorrect reduction of the hardware device...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the vhostvsock component to allocate memory using kmalloc when processing large packets, which...

UBUNTU-CVE-2025-6196

A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like...

IBM TXSeries for Multiplatforms 安全漏洞

IBM TXSeries for Multiplatforms is a transaction monitoring and management software product from International Business Machines IBM designed to support distributed transaction processing on multiple platforms. A security vulnerability exists in IBM TXSeries for Multiplatforms version 10.1 that...

IBM Safer Payments 安全漏洞

IBM Safer Payments is the first true cognitive fraud prevention solution for payment processing from IBM USA. helps clients create customized, user-friendly decision models. IBM Safer Payments has a security vulnerability that stems from misallocation of resources and vulnerability to denial of...

LevelOne WBR-6012 安全漏洞

The LevelOne WBR-6012 is a wireless router from LevelOne. A security vulnerability exists in the LevelOne WBR-6012 that originates from the effects of resource misallocation in a web application and can cause network service interruption via a specially crafted request...

AZL-51868 CVE-2024-50610 affecting package gsl 2.6-3

GSL GNU Scientific Library through 2.8 has an integer signedness error in gslsimansolvemany in siman/siman.c. When params.ntries is negative, incorrect memory allocation occurs...

Linux kernel resource misallocation vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a resource misallocation vulnerability that stems from an issue with forced large page alignment on 32-bit systems.Due to the constrained virtual...

SUSE CVE-2015-1827

The getusergrouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service crash via a group list request for a user that belongs to a large number of groups...

Vyper has incorrectly allocated named re-entrancy locks

Impact In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of...

SUSE CVE-2013-1983

Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function...

Lack of input validation to check whether the tokenId of the NFT exists or not - this lead to misallocation of fee earned

Lines of code Vulnerability details Impact In the distributeFees function, there is no input validation to check whether the tokenId of the NFT exists or not. If a caller inputs tokenId that does not exist, the fee earned will be added to the balance of tokenId that does not exist. Although this...

Bids can be created while paused

Lines of code Vulnerability details createBid allows for bid creation while the Auction is paused. As the latter happens on a system error mint failure, this can allow an attacker to interacts with the malfunctioning system. This at least can lead to misallocation of user's funds, i.e. freezing t...

If extra reward token is "protected token" it the rewards will be taken by other protocols

Lines of code Vulnerability details Impact Misallocation of extra reward tokens Proof of Concept Let's think of a scenario where CRV is being used as an extra incentive for a pickle finance gauge. The extra rewards will be sent to voterProxy but when the extra rewards stash tries to claim them, t...

AZL-7124 CVE-2021-45960 affecting package expat for versions less than 2.4.3-1

In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory...

Apache NuttX 输入验证错误漏洞

Apache NuttX is a real-time embedded operating system from the Apache Foundation USA. Apache NuttX suffers from an input validation error vulnerability that stems from the fact that incorrect memory allocation could lead to arbitrary memory allocation, which could result in unexpected behavior su...