Lucene search
K

290 matches found

OSV
OSV
added 2026/05/22 6:16 p.m.13 views

UBUNTU-CVE-2026-42627

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...

6.2CVSS6AI score0.00132EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/edid: In the function connectorbadedid, numblocks was read as numofext. In the commit e11f5bd8228f “drm: Add support for DP 1.4 Compliance edid corruption test”, the function connectorbadedid assumed that the memory allocated...

5.5CVSS5.8AI score0.00225EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Set numsyncs to a limit to prevent excessively large allocations. The exec and vmBind ioctls allow userspace to specify an arbitrary value for numsyncs. Without bounds checking, a very large value of numsyncs can result i...

5.9AI score0.00166EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dma-buf: A memory barrier should be inserted before updating numfences. smpstoremb inserts a memory barrier after storing data. This differs from what the comment originally intended; a null pointer dereferencing can occur if the...

5.5CVSS6AI score0.00167EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: qcom: bamdma: Fixed error handling for num-channels/ees When there is no clock specified in the device tree, there is no way to ensure that BAM is enabled. This often occurs for remotely controlled or remotely power...

5.5CVSS6AI score0.0014EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: corrected the incorrect validation of the numaces field in smbacl. parsedcal now validates numaces to allocate an array of posixacestatearray. If numaces is greater than ULONGMAX / sizeofstruct smbace++, it results in a...

5.5CVSS6.4AI score0.00178EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/06 8:22 p.m.9 views

CVE-2026-6255

The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'num' attribute of the 'owlswrapper' shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6AI score0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/05/06 12:16 p.m.7 views

CVE-2026-43205

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: validate numifs to prevent out-of-bounds write The driver obtains swattr.numifs from firmware via dpswgetattributes but never validates it against DPSWMAXIF 64. This value controls iteration in...

7.8CVSS0.00139EPSS
Exploits0References7
CVE
CVE
added 2026/05/05 2:26 a.m.13 views

CVE-2026-6255

Summary: CVE-2026-6255 affects the WordPress plugin Simple Owl Shortcodes, with a Stored Cross-Site Scripting vulnerability via the num attribute of the owls_wrapper shortcode in all versions up to and including 2.1.1. The issue stems from insufficient input sanitization and output escaping on us...

6.4CVSS6AI score0.00181EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/02 1:25 a.m.13 views

SUSE CVE-2026-31711

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix activenumconn leak on transport allocation failure Commit 77ffbcac4e56 "smb: server: fix leak of activenumconn in ksmbdtcpnewconnection" addressed the kthreadrun failure path. The earlier alloctransport == NULL...

7.5CVSS5.8AI score0.00549EPSS
Exploits0References4
NVD
NVD
added 2026/05/01 2:16 p.m.5 views

CVE-2026-31706

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate numaces and harden ACE walk in smbinheritdacl smbinheritdacl trusts the on-disk numaces value from the parent directory's DACL xattr and uses it to size a heap allocation: acesbase = kmallocsizeofstruct smbace...

8.8CVSS0.00369EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.13 views

PT-2026-36336

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ksmbd module where the smb inherit dacl function trusts the num aces value from a parent directory's DACL xattr to determine the size of a heap allocation. An...

9.8CVSS6.1AI score0.93235EPSS
Exploits32References291
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:42 p.m.4 views

CVE-2026-31602

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a single page Commit 391e69143d0a increased CTPTPNUM from 1 to 4 to support 256 playback streams, but the additional pages are not used by the card correctly. The CT20K2 hardware already has multiple...

7.8CVSS5.3AI score0.00131EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/04/22 2:16 p.m.4 views

CVE-2026-31464

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfcdiscovertargetsdone A malicious or compromised VIO server can return a numwritten value in the discover targets MAD response that exceeds maxtargets. This value is stored directly in...

8.1CVSS0.00274EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of verification of the numwritten value. This vulnerability could allow malicious VIO...

8.1CVSS5.8AI score0.00274EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-31505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iavf: fix out-of-bounds writes in iavfgetethtoolstats iavf incorrectly uses realnumtxqueues for ETHSSSTATS. Since the value could change in runtime, we should u...

7.8CVSS6.5AI score0.00129EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.9 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013743)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013743 advisory. In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmdioctlmmapresource As 'kdata.num' is user-controlled...

5.6AI score0.002EPSS
Exploits0References4
CVE
CVE
added 2026/04/08 4:27 a.m.18 views

CVE-2026-3600

The CVE concerns the WordPress plugin Investi . It is vulnerable to Stored Cross-Site Scripting via the shortcode attribute maximum-num-years in the investi-announcements-accordion shortcode, affecting versions up to and including 1.0.26 . The root cause is insufficient input sanitization and out...

6.4CVSS6.1AI score0.00258EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/08 4:27 a.m.26 views

CVE-2026-3600 Investi <= 1.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute

The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-announcements-accordion' shortcode's 'maximum-num-years' attribute in all versions up to, and including, 1.0.26. This is due to insufficient input sanitization and output escaping on user-supplied...

6.4CVSS0.00258EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.7 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006757)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006757 advisory. In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: add lock to protect parameter numrdy Getting below error when using KCSAN to...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References4
Rows per page
Query Builder