Lucene search
K

137 matches found

NVD
NVD
added 2026/06/30 10:16 p.m.10 views

CVE-2026-57204

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...

6.9CVSS0.00206EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 9:59 p.m.28 views

CVE-2026-57204 pypdf: Missing stream length values ignore defined limits

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...

6.9CVSS0.00206EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 9:59 p.m.5 views

CVE-2026-57204

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...

6.9CVSS5.7AI score0.00206EPSS
Exploits0
Rockylinux
Rockylinux
added 2026/06/25 12:1 p.m.6 views

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...

7.5CVSS6.7AI score0.00985EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.5 views

PT-2026-54003

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.13.3 Description A flaw in the library allows a maliciously crafted PDF to cause a Denial of Service DoS. This occurs when the system parses a content stream that lacks a /Length value, causing the MAX DECLARED STREAM...

6.9CVSS6AI score0.00206EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-46186

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe...

5.5CVSS6.2AI score0.00123EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.8 views

SUSE SLED15 / SLES15 Security Update : libpng12 (SUSE-SU-2026:1716-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1716-1 advisory. Update to version 1.2.59 jscPED-16191. Security issues : - CVE-2017-12652: missing chunk length check can lead...

9.8CVSS6.2AI score0.04113EPSS
Exploits2References10
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from accessing iniei + 5 before the length check in rtwrestructwmmie, potentially leading to...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 10:27 p.m.9 views

CLSA-2026-1778020045 binutils: Fix of CVE-2021-3826

CVE-2021-3826: fix heap/stack buffer overflow in dlanglname libiberty d-demangle.c via missing length check in dlangsymbolbackref...

6.5CVSS6AI score0.01089EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/04/28 11:33 a.m.6 views

Security update for freerdp2

This update for freerdp2 fixes the following issues: CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. CVE-2026-25942: Global-buffer-overflow in xfrailserverexecuteresult bsc1258920. CVE-2026-25952: Heap-use-after-free in xfSetWindowMinMaxInfo...

8.8CVSS5.8AI score0.00656EPSS
Exploits14References62
OSV
OSV
added 2026/04/27 12:6 p.m.5 views

SUSE-SU-2026:1634-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. - CVE-2026-25942: Global-buffer-overflow in xfrailserverexecuteresult bsc1258920. - CVE-2026-25952: Heap-use-after-free in...

9.8CVSS4.9AI score0.00599EPSS
Exploits13References30
OSV
OSV
added 2026/04/27 12:5 p.m.5 views

SUSE-SU-2026:1633-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. - CVE-2026-25942: Global-buffer-overflow in xfrailserverexecuteresult bsc1258920. - CVE-2026-25952: Heap-use-after-free in...

9.8CVSS5AI score0.00599EPSS
Exploits15References35
NVD
NVD
added 2026/04/18 12:16 a.m.8 views

CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

6.1CVSS0.00218EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 11:11 p.m.21 views

CVE-2026-40333

Libgphoto2 (up to v2.5.33) suffers an out‑of‑bounds read in camlibs/ptp2/ptp-pack.c: ptp_unpack_EOS_ImageFormat() and ptp_unpack_EOS_CustomFuncEx() read data without a length check due to a missing parameter, with callers in ptp_unpack_EOS_events() not passing xsize. This unbounded read can lead ...

6.1CVSS5.9AI score0.00218EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/17 11:11 p.m.10 views

EUVD-2026-23581

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

6.1CVSS5.9AI score0.00218EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 11:11 p.m.7 views

CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

6.1CVSS5.9AI score0.00218EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/04/17 11:11 p.m.6 views

CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

6.1CVSS5.5AI score0.00218EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.14 views

PT-2026-33523

Name of the Vulnerable Software and Affected Versions libgphoto2 versions prior to 2.5.34 Description Two functions in camlibs/ptp2/ptp-pack.c accept a data pointer without a length parameter, leading to unbounded reads. The calling function ptp unpack EOS events possesses the xsize variable but...

6.1CVSS5.9AI score0.00218EPSS
Exploits0References19
OSV
OSV
added 2026/04/16 11:16 p.m.2 views

DEBIAN-CVE-2026-40253

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

6.1CVSS5.8AI score0.0016EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/04/08 11:25 p.m.4 views

SUSE CVE-2026-33034

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

5.3CVSS5.8AI score0.00769EPSS
Exploits0References5
Rows per page
Query Builder