Lucene search
K

226 matches found

CVE
CVE
added 2026/06/10 9:26 p.m.26 views

CVE-2026-45358

CVE-2026-45358 concerns ImageMagick, where an off-by-one in the meta encoder can cause an out-of-bounds read of a single byte. Affected releases include 6.9.13-46, 7.1.2-21 and earlier; it has been patched in 6.9.13-47 and 7.1.2-22. Other CVEs in the related advisories (e.g., CVE-2026-42326, CVE-...

5.3CVSS5.3AI score0.0024EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/09 6:30 p.m.15 views

EUVD-2026-35477

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

5.6AI score0.00196EPSS
Exploits0References6
CVE
CVE
added 2026/06/09 4:3 p.m.62 views

CVE-2026-34181

The CVE-2026-34181 issue affects PKCS#12 file processing in OpenSSL where insufficient input validation for PBMAC1 allows forging certificates and private keys. An attacker impersonating a user could cause a service that reads PKCS#12 files to accept forged certificates and keys with about a 1 in...

7.4CVSS5.6AI score0.00196EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.13 views

CVE-2026-34181

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

7.4CVSS5.6AI score0.00196EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/29 1:14 a.m.13 views

SUSE CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References3
OSV
OSV
added 2026/05/27 2:17 p.m.8 views

UBUNTU-CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:20 p.m.10 views

CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.1CVSS5.9AI score0.0013EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/27 1:20 p.m.50 views

CVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.1CVSS0.0013EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/27 1:20 p.m.15 views

EUVD-2026-32500

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.1CVSS5.9AI score0.0013EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/27 1:20 p.m.10 views

CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.5CVSS5.9AI score0.0013EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/27 1:20 p.m.18 views

CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-43972

Name of the Vulnerable Software and Affected Versions libusb versions prior to 1.0.30 Description A one-byte out-of-bounds read exists in the parse iad array function within descriptor.c. This occurs when a malformed USB descriptor is supplied where the bLength equals the size minus one, causing...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References14
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.14 views

Astra Linux – Vulnerability in tar

GNU Tar version 1.34 has a one-byte out-of-bounds read operation, which allows for the use of uninitialized memory in a conditional jump. Exploitation to change the control flow of the program has not been demonstrated. The issue occurs in the fromheader section of the list.c file, due to a V7...

5.5CVSS6.7AI score0.04524EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Thunderbird

It may be possible for an attacker to create an email message that causes Thunderbird to perform an out-of-bounds write operation, writing one byte when processing the message. This vulnerability affects Thunderbird versions prior to 91.6.1...

8.8CVSS7.2AI score0.00701EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 7:16 p.m.14 views

CVE-2026-44523

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4...

10CVSS0.00124EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 8:16 p.m.11 views

CVE-2026-44215

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

7.1CVSS0.00217EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:23 p.m.9 views

CVE-2026-44215

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

4.4CVSS5.8AI score0.00217EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/05/08 3:16 p.m.25 views

CVE-2026-43452

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kind, walkers that advance with i += opi + 1 ? : 1 can read opi + 1 past the end of the option area. Add...

8.2CVSS0.00443EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-39113

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the netfilter x tables component allows for 1-byte tail reads. This occurs when the last byte of options is a non-single-byte option kind, causing walkers that advance using i ...

8.2CVSS5.4AI score0.00443EPSS
Exploits0References94
OSV
OSV
added 2026/05/07 4:16 a.m.6 views

UBUNTU-CVE-2026-44603

Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007...

9.1CVSS5.8AI score0.00342EPSS
Exploits0References6
Rows per page
Query Builder