Lucene search
K

242 matches found

RedhatCVE
RedhatCVE
added 2026/06/29 8:43 a.m.5 views

CVE-2026-57235

A flaw was found in Nokogiri, an XML and HTML library for Ruby. This vulnerability allows an attacker to trigger an out-of-bounds read by providing a specially crafted large negative index to certain methods. This can lead to a denial of service DoS by crashing the application on CRuby, or by...

8.2CVSS5.8AI score0.00331EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 5:41 p.m.3 views

JLSEC-2026-625 A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds...

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

4.3CVSS5.9AI score0.00289EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 3:16 p.m.10 views

CVE-2026-57235

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then...

8.2CVSS0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:31 p.m.32 views

CVE-2026-57235 Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then...

6.3CVSS0.00331EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:31 p.m.16 views

CVE-2026-57235

CVE-2026-57235 affects Nokogiri (Ruby) prior to 1.19.4. The bug is in Nokogiri::XML::NodeSet#[] (and #slice) where the index check used a 32‑bit truncated copy, allowing a large negative index to pass bounds checks and be used with full width. Result: on CRuby an out‑of‑bounds read that typically...

8.2CVSS5.9AI score0.00331EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/25 2:31 p.m.5 views

EUVD-2026-39422

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then...

6.3CVSS5.9AI score0.00331EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52447

Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.19.4 Description Nokogiri is an open source XML and HTML library for the Ruby programming language. The Nokogiri::XML::NodeSet function and its alias slice performs a bounds check on the requested index using a...

8.2CVSS5.7AI score0.00331EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.9 views

EulerOS Virtualization 2.13.1 : rsync (EulerOS-SA-2026-2150)

According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a...

4.3CVSS5.6AI score0.00289EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

EulerOS Virtualization 2.13.0 : rsync (EulerOS-SA-2026-2189)

According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a...

4.3CVSS5.6AI score0.00289EPSS
Exploits0References2
OSV
OSV
added 2026/06/02 9:14 a.m.6 views

SUSE-SU-2026:22015-1 Security update for rsync

This update for rsync fixes the following issues - CVE-2025-10158: Out of bounds array access via negative index bsc1254441. - CVE-2026-29518: Symlink-Race TOCTOU in Daemon use chroot = no bsc1264511. - CVE-2026-41035: count of entries mismatch can lead to a use-after-free bsc1262223. -...

8.1CVSS5.5AI score0.0078EPSS
Exploits1References17
RedHat Linux
RedHat Linux
added 2026/05/26 9:24 a.m.8 views

rsync: Rsync: Out of bounds array access via negative index

An out of bounds read flaw has been discovered in rsync. A malicious client acting as the receiver of an rsync file transfer can trigger an OOB read via a negative array index. The rsync client requires at least read access to the remote rsync module to trigger the issue...

4.3CVSS5.7AI score0.00289EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/26 5:39 a.m.11 views

rsync: Rsync: Out of bounds array access via negative index

An out of bounds read flaw has been discovered in rsync. A malicious client acting as the receiver of an rsync file transfer can trigger an OOB read via a negative array index. The rsync client requires at least read access to the remote rsync module to trigger the issue...

4.3CVSS5.7AI score0.00289EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/26 5:6 a.m.10 views

rsync: Rsync: Out of bounds array access via negative index

An out of bounds read flaw has been discovered in rsync. A malicious client acting as the receiver of an rsync file transfer can trigger an OOB read via a negative array index. The rsync client requires at least read access to the remote rsync module to trigger the issue...

4.3CVSS5.7AI score0.00289EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.15 views

RHEL 9 : rsync (RHSA-2026:20602)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20602 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because...

7.8CVSS5.9AI score0.00393EPSS
Exploits1References6
OSV
OSV
added 2026/05/22 3:14 p.m.8 views

CLSA-2026-1779462894 rsync: Fix of CVE-2026-43620

CVE-2026-43620: prevent client-side out-of-bounds read in receiver when a malicious server sends a crafted file-list with parentndx0...

6.9CVSS5.8AI score0.00503EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access The commit 4d0c8d0aef63 “mmc: core: Use mrq.sbc in close-ended ffu” assigns previdata = idatasi - 1, but does not check that the iterator i is greater than zero. We will fix this ...

5.5CVSS5.8AI score0.00237EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix buffer overflow in sja1105setupdevlinkregions If an error occurs in dsadevlinkregioncreate, then the array ‘priv-regions’ will be accessed using a negative index -1. This issue was identified by the Linux...

7.8CVSS6.3AI score0.0023EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: amdgpu/pm: prevented array underflow in vega20odneditdpmtable In the PPODEDITVDDCCURVE case, the “inputindex” variable is capped at 2, but its negative values are not checked, resulting in an out-of-bounds read. This value comes...

6.1AI score0.0018EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Check the index msgid before reading or writing. WHAT msgid is used as an array index, and it cannot be a negative value. Therefore, it cannot be equal to MODHDCPMESSAGEIDINVALID -1. HOW Check whether msgid is...

7.8CVSS6.4AI score0.0026EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 4:43 p.m.10 views

OPENSUSE-SU-2026:20754-1 Security update for rsync

This update for rsync fixes the following issues - CVE-2025-10158: Out of bounds array access via negative index bsc1254441. - CVE-2026-41035: count of entries mismatch can lead to a use-after-free bsc1262223...

7.8CVSS5.8AI score0.00393EPSS
Exploits1References4
Rows per page
Query Builder