Lucene search
K

5463 matches found

RedHat Linux
RedHat Linux
added 6 days ago4 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

5.3CVSS6.2AI score0.00393EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-15044

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS5.9AI score0.0017EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56458

Name of the Vulnerable Software and Affected Versions TrustyAI Service Operator affected versions not specified Description A flaw in the TrustyAI Service Operator occurs when deploying services such as gorch or NemoGuardrails. If a specific security setting is not enabled, these services expose...

6.3CVSS6.1AI score0.0017EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 3:16 p.m.9 views

CVE-2026-58380

A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscannergettoken function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption,...

7.8CVSS0.00216EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/07/06 1:58 p.m.43 views

CVE-2026-58380 Gimp: gimp: stack buffer overflow in pnmscanner_gettoken()

A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscannergettoken function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption,...

7.3CVSS0.00216EPSS
Exploits1References4
EUVD
EUVD
added 2026/07/06 1:58 p.m.4 views

EUVD-2026-41875

A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscannergettoken function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption,...

7.3CVSS6.3AI score0.00216EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 1:58 p.m.11 views

CVE-2026-58380

A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscannergettoken function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption,...

7.3CVSS6.3AI score0.00216EPSS
Exploits1References5
CVE
CVE
added 2026/07/06 1:58 p.m.21 views

CVE-2026-58380

GIMP contains a vulnerability in its PNM file format parser where the function pnmscanner_gettoken() writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one loop boundary check. This memory corruption could lead to denial of service or arbitrary code execut...

7.8CVSS6.3AI score0.00216EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2026/07/06 1:58 p.m.2 views

CVE-2026-58380 Gimp: gimp: stack buffer overflow in pnmscanner_gettoken()

A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscannergettoken function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption,...

7.3CVSS6.3AI score0.00216EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/07/06 8:46 a.m.5 views

CVE-2026-56361

A flaw was found in ImageMagick. An attacker can exploit an off-by-one error in the morphology validation by providing incorrect morphology parameters. This can lead to out-of-bounds heap buffer reads and heap buffer overflow, potentially causing memory access violations. Mitigation To reduce...

7.1CVSS6AI score0.00128EPSS
Exploits0References5
NVD
NVD
added 2026/07/03 4:16 p.m.7 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS0.00142EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/03 3:11 p.m.7 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS6AI score0.00142EPSS
Exploits0References3
CVE
CVE
added 2026/07/03 3:11 p.m.24 views

CVE-2026-14612

The CVE concerns FreeIPA’s ipa-otpd daemon, specifically the OAuth2 device authorization handler. Two off-by-one errors can trigger out-of-bounds memory access when handling an oversized response from a configured external OAuth2/OIDC Identity Provider. Exploitation requires FreeIPA to be configu...

4.2CVSS6AI score0.00142EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/03 3:11 p.m.8 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS5.9AI score0.00142EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/07/03 3:2 a.m.5 views

SUSE CVE-2026-56361

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations...

3.3CVSS6.1AI score0.00128EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 10:16 p.m.4 views

DEBIAN-CVE-2026-12413

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemblev2incomingfragments would ignore unknown outer payloads but still store these in a fixed size array msgdigest.digestPAYLIMIT...

7.5CVSS6.6AI score0.00597EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 10:16 p.m.5 views

CVE-2026-12413

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemblev2incomingfragments would ignore unknown outer payloads but still store these in a fixed size array msgdigest.digestPAYLIMIT...

7.5CVSS0.00597EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 9:19 p.m.6 views

CVE-2026-12413

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemblev2incomingfragments would ignore unknown outer payloads but still store these in a fixed size array msgdigest.digestPAYLIMIT...

7.5CVSS6.4AI score0.00597EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/02 9:19 p.m.20 views

CVE-2026-12413

The CVE-2026-12413 issue affects Libreswan’s pluto daemon and is triggered by an invalidly formatted IKEv2 fragment. The root cause is an off-by-one error in the assertion within reassemble_v2_incoming_fragments(), which can cause the daemon to abort when handling certain outer payloads that are ...

7.5CVSS6.4AI score0.00597EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/02 5:35 a.m.6 views

EUVD-2026-41244

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...

4.3CVSS5.7AI score0.00223EPSS
Exploits0References8
Rows per page
Query Builder