5248 matches found
cyrus-sasl: Fix of CVE-2019-19906
CVE-2019-19906: fix off-by-one in sasladdstring lib/common.c that could cause denial of service or information disclosure via crafted input...
CVE-2026-42272
CVE-2026-42272 affects Heimdall, a cloud-native Identity Aware Proxy/Access Control service. Before v0.17.14, it treated URL-encoded slashes (%2F) as case-sensitive while percent-encodings must be case-insensitive, causing %2f to be ignored when allow_encoded_slashes is off (default). This discre...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the rtw8822bsetantenna function being called during chip power-off conditions. This may trigger a...
PT-2026-38922
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the rtw88 wireless driver where the rtw8822b set antenna function can be called from userspace while the chip is powered off. This sequence triggers a warning in the...
Linux Distros Unpatched Vulnerability : CVE-2025-71297
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: rtw88: 8822b: Avoid WARNING in rtw8822bconfigtrxmode rtw8822bsetantenna can be called from userspace when the chip is powered off. In that case a WARNING ...
CLSA-2026-1778175067 cyrus-sasl: Fix of CVE-2019-19906
CVE-2019-19906: fix off-by-one in sasladdstring lib/common.c that could cause denial of service or information disclosure via crafted input...
CLSA-2026-1778174697 httpd: Fix of 9 CVEs
CVE-2026-24072: fix modrewrite apexpr privilege escalation in htaccess - CVE-2026-28780: fix modproxyajp ajpmsgcheckheader buffer over-read - CVE-2026-29169: fix moddavlock NULL pointer dereference - CVE-2026-33006: fix modauthdigest timing attack - CVE-2026-33007: fix modauthnsocache NULL...
Apache HTTP Server: Off-by-one OOB reads in AJP getter functions
...
Off-by-one Error
Overview Affected versions of this package are vulnerable to Off-by-one Error in the ConsumeUnit16Array and ConsumeUnit64Array functions. An attacker can cause a process crash by supplying a specially crafted .evtx file to the parseevtx VQL plugin on Windows and Linux systems. Remediation A fix w...
Off-by-one Error
Overview Affected versions of this package are vulnerable to Off-by-one Error in the ConsumeUnit16Array and ConsumeUnit64Array functions. An attacker can cause a process crash by supplying a specially crafted .evtx file to the parseevtx VQL plugin on Windows and Linux systems. Remediation A fix w...
GHSA-6CMP-QV2F-X97X Velocidex Velociraptor has an off-by-one error
An off-by-one error CWE-193 in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service DoS via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...
Velocidex Velociraptor has an off-by-one error
An off-by-one error CWE-193 in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service DoS via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...
CVE-2026-7572
An off-by-one error CWE-193 in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service DoS via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...
EUVD-2026-27516
An off-by-one error CWE-193 in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service DoS via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...
CVE-2026-7572 Velociraptor EVTX Parser — Process Crash via Crafted .evtx File
An off-by-one error CWE-193 in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service DoS via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...
CVE-2026-7572 Velociraptor EVTX Parser — Process Crash via Crafted .evtx File
An off-by-one error CWE-193 in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service DoS via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...
CVE-2026-7572
An off-by-one error CWE-193 in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service DoS via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by an improper cleaning order of wave5 devices. This vulnerability may allow access to hardware registers...
PT-2026-37338
Name of the Vulnerable Software and Affected Versions Velocidex Velociraptor versions prior to 0.76.5 Description An off-by-one error in the ConsumeUnit16Array and ConsumeUnit64Array functions allows a local attacker to cause a Denial of Service DoS via a process crash. This occurs when a special...
SUSE CVE-2026-31778
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix stack out-of-bounds read in initcard The loop creates a whitespace-stripped copy of the card shortname where len id is used for the bounds check. Since sizeofcard-id is 16 and the local id buffer is also 16 bytes...