Lucene search
K

651 matches found

redhat
redhat
added 2026/06/22 1:35 a.m.7 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS5.8AI score0.00321EPSS
Exploits11References6
snyk
snyk
added 2026/06/19 7:8 p.m.6 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the uncompressed HEIF decoder process. An attacker can cause a crash by supplying a crafted HEIF file that manipulates compressed-unit offsets to trigger an out-of-bounds heap read. Remediation A fix was pushed int...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/19 5:16 p.m.4 views

CVE-2026-49271

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References2Affected Software1
redhat
redhat
added 2026/06/19 4:39 p.m.7 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS5.8AI score0.00321EPSS
Exploits11References6
susecve
susecve
added 2026/06/17 2:16 a.m.22 views

SUSE CVE-2026-46331

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using tcfpoffmaxhint, but the hint does not account for the runtime header offset...

7.8CVSS5.5AI score0.00321EPSS
Exploits11References16
nvd
nvd
added 2026/06/16 8:16 a.m.19 views

CVE-2026-46331

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using tcfpoffmaxhint, but the hint does not account for the runtime header offset...

7.8CVSS0.00321EPSS
Exploits11References43
cvelist
cvelist
added 2026/06/16 6:26 a.m.53 views

CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using tcfpoffmaxhint, but the hint does not account for the runtime header offset...

7.8CVSS0.00321EPSS
Exploits11References8
attackerkb
attackerkb
added 2026/06/16 6:26 a.m.5 views

CVE-2026-46331

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using tcfpoffmaxhint, but the hint does not account for the runtime header offset...

7.8CVSS5.8AI score0.00321EPSS
Exploits11References9Affected Software1
euvd
euvd
added 2026/06/16 6:26 a.m.13 views

EUVD-2026-37039

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using tcfpoffmaxhint, but the hint does not account for the runtime header offset...

5.5AI score0.00321EPSS
Exploits11References1
cve
cve
added 2026/06/16 6:26 a.m.525 views

CVE-2026-46331

CVE-2026-46331 affects the Linux kernel’s net/sched packet editing path, specifically the per-key handling in act_pedit where the writable Copy-on-Write (COW) region was calculated before the actual write offset was known. The runtime header offset from typed keys could leave portions of memory u...

7.8CVSS5.4AI score0.00321EPSS
Exploits11References43Affected Software1
nvd
nvd
added 2026/06/15 8:16 p.m.14 views

CVE-2026-53704

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS0.00221EPSS
Exploits0References3
cve
cve
added 2026/06/15 7:10 p.m.33 views

CVE-2026-53704

GStreamer: RealMedia demuxer in gst-plugins-ugly contains an out-of-bounds read in the FILEINFO metadata parser. The demuxer parses variable-name and variable-value pairs with re_skip_pascal_string() without validating offsets against the mapped buffer, and the element count used to control the p...

7.1CVSS5.3AI score0.00221EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/15 7:10 p.m.5 views

CVE-2026-53704 Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo metadata parser

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS5.2AI score0.00221EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/15 7:10 p.m.8 views

CVE-2026-53704

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS4.8AI score0.00221EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.11 views

PT-2026-49340

Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description A flaw exists in the RealMedia demuxer within the gst-plugins-ugly package. When processing a RealMedia file with a specially crafted FILEINFO metadata section, the demuxer uses the re skip...

7.1CVSS6AI score0.00221EPSS
Exploits0References20
euvd
euvd
added 2026/06/12 6:29 p.m.11 views

EUVD-2026-32914

pypdf: Possible large memory usage for large offsets for layout mode text...

5.5CVSS5.1AI score0.00127EPSS
Exploits0References4
osv
osv
added 2026/06/12 6:29 p.m.38 views

GHSA-CJ93-CHG6-VGV8 pypdf: Possible large memory usage for large offsets for layout mode text

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. Patches This has been fixed in pypdf==6.12.0. Workarounds If developers are unable to immediately upgrade, they should...

4.8CVSS5.2AI score0.00127EPSS
Exploits0References5
github
github
added 2026/06/12 6:29 p.m.14 views

pypdf: Possible large memory usage for large offsets for layout mode text

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. Patches This has been fixed in pypdf==6.12.0. Workarounds If developers are unable to immediately upgrade, they should...

5.5CVSS5.1AI score0.00127EPSS
Exploits0References5Affected Software1
redhatcve
redhatcve
added 2026/06/05 7:31 p.m.11 views

CVE-2026-6839

Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...

6.6CVSS5.4AI score0.00102EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS5.4AI score0.00294EPSS
Exploits0References1
Rows per page
Query Builder