Lucene search
+L

662 matches found

Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.12 views

PT-2026-41992

Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.0 Description An issue exists in the handle compose command function within kitty/graphics.c where bounds validation on composition offsets uses unsigned 32-bit arithmetic. This process is subject to integer...

9.9CVSS5.8AI score0.00286EPSS
Exploits1References16
OSV
OSV
added 2026/05/18 5:56 p.m.12 views

GHSA-WP73-MWGF-4JQ9 OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent

Summary OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section pointers or slice past string tables, causing the agent to panic while determining the process language. Details...

5.5CVSS5.9AI score0.00162EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/18 5:56 p.m.23 views

OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent

Summary OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section pointers or slice past string tables, causing the agent to panic while determining the process language. Details...

5.5CVSS5.9AI score0.00162EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.16 views

PT-2026-41782

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 Description The replacement ELF parser trusts section offsets, counts, and string offsets from executable files. A crafted local ELF file can cause the agent to dereference invalid...

5.5CVSS5.8AI score0.00162EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/05/15 4:13 p.m.12 views

CVE-2026-7258

A flaw was found in PHP. Some functions, including urldecode, incorrectly pass signed characters to character type ctype functions. On certain systems, this can lead to accessing memory with a negative offset. This vulnerability can be exploited by an attacker to trigger a denial of service DoS,...

7.5CVSS5.6AI score0.00337EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/13 3:37 a.m.13 views

SUSE CVE-2026-41257

jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond 1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for a...

7CVSS5.8AI score0.00142EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.19 views

PT-2026-40281

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

7.5CVSS5.8AI score0.00337EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 6:16 p.m.12 views

CVE-2026-41257

jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...

7.3CVSS0.00142EPSS
Exploits1References1
OSV
OSV
added 2026/05/11 6:16 p.m.6 views

UBUNTU-CVE-2026-41257

jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...

7.3CVSS5.8AI score0.00142EPSS
Exploits1References4
CVE
CVE
added 2026/05/11 5:14 p.m.24 views

CVE-2026-41257

The CVE concerns jq (1.8.1 and earlier) where the bytecode VM’s data stack uses a signed int to track allocation size. When the stack grows beyond ~1 GiB (e.g., via deeply nested generator forks), the doubling arithmetic overflows, causing the wrapped value to be passed to realloc and then used f...

7.3CVSS5.8AI score0.00142EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/11 5:14 p.m.3 views

CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)

jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...

7.3CVSS6AI score0.00142EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/11 2:13 p.m.14 views

SUSE CVE-2026-43433

In the Linux kernel, the following vulnerability has been resolved: rustbinder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into the target proc's vma, and then the values are read back from there. This is normally fine because th...

7.8CVSS5.7AI score0.00099EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.18 views

PT-2026-39711

Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2 Description The bytecode VM's data stack tracks its allocation size using a signed integer. When the stack grows beyond approximately 1 GiB through deeply nested generator forks, the doubling arithmetic overflows. Th...

7.3CVSS5.8AI score0.00157EPSS
Exploits2References57
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: sane-backends (UTSA-2026-017583)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017583 advisory. An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, su...

4.3CVSS5.8AI score0.01006EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017584)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017584 advisory. In the CropImage and CropImageToTiles routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavi...

4.3CVSS6.7AI score0.01072EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/05/08 11:51 p.m.13 views

CVE-2026-43433

A flaw was found in the Linux kernel's rustbinder component. If a local process gains the ability to write to its own virtual memory area VMA, it could exploit a time-of-check to time-of-use TOCTOU vulnerability. This allows the process to alter the offsets array during a transaction before it is...

7.8CVSS5.8AI score0.00099EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 3:31 p.m.17 views

EUVD-2026-28739

In the Linux kernel, the following vulnerability has been resolved: rustbinder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into the target proc's vma, and then the values are read back from there. This is normally fine because th...

5.7AI score0.00099EPSS
Exploits0References4
NVD
NVD
added 2026/05/08 3:16 p.m.10 views

CVE-2026-43433

In the Linux kernel, the following vulnerability has been resolved: rustbinder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into the target proc's vma, and then the values are read back from there. This is normally fine because th...

7.8CVSS0.00099EPSS
Exploits0References3
CVE
CVE
added 2026/05/08 2:22 p.m.16 views

CVE-2026-43433

The CVE-2026-43433 entry refers to a Linux kernel issue in the rust_binder component: a TOCTOU opportunity where a local process that can write to its own VMA could alter the offsets array before it is read back during a transaction, potentially enabling privilege escalation to the sender. The fi...

7.8CVSS5.7AI score0.00099EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:22 p.m.5 views

CVE-2026-43433

In the Linux kernel, the following vulnerability has been resolved: rustbinder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into the target proc's vma, and then the values are read back from there. This is normally fine because th...

5.7AI score0.00099EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder