Lucene search
K

229 matches found

EUVD
EUVD
added 2026/05/28 9:36 a.m.18 views

EUVD-2026-32782

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

5.8AI score0.00478EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.37 views

CVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

9.1CVSS0.00478EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.7 views

CVE-2026-46155

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

5.7AI score0.00478EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/05/28 9:36 a.m.55 views

CVE-2026-46155

CVE-2026-46155 affects the Linux kernel SMB client. The vulnerability is an out-of-bounds read in smb2_compound_op() caused by memcpy reading size[0] (OutputBufferLength) when iov_len is smaller than that length after a truncated server response. This can leak adjacent kernel heap memory. Impact ...

9.1CVSS5.8AI score0.00478EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44278

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the smb2 compound op function. This occurs when a server sends a truncated response with a large OutputBufferLength and terminates the EA list early. In...

9.1CVSS5.9AI score0.00478EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-44359

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the xbox remote component of the media subsystem where the IO buffer is part of the device structure. This configuration violates DMA Direct Memory Access coherency...

9.8CVSS6.1AI score0.03663EPSS
Exploits15References286
RedHat Linux
RedHat Linux
added 2026/05/26 1:50 a.m.19 views

lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing

A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...

8.2CVSS7.2AI score0.00541EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/08 3:31 p.m.9 views

EUVD-2026-28686

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/q54sj108a2 fix stack overflow in debugfs read The q54sj108a2debugfsread function suffers from a stack buffer overflow due to incorrect arguments passed to bin2hex. The function currently passes 'data' as the...

6AI score0.00143EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.11 views

PT-2026-38626

Name of the Vulnerable Software and Affected Versions rust-openssl versions 0.10.0 through 0.10.78 Description Incorrect output buffer sizing occurs when using AES key-wrap-with-padding ciphers EVP aes 128,192,256 wrap pad. For inputs that are not a multiple of 8, OpenSSL may write up to 7 bytes...

5.1CVSS5.8AI score0.00172EPSS
Exploits0References5
NVD
NVD
added 2026/05/04 5:16 p.m.14 views

CVE-2025-47408

Memory corruption when another driver calls an IOCTL with invalid input/output buffer...

7.8CVSS0.00075EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/04 4:43 p.m.7 views

EUVD-2025-209633

Memory corruption when another driver calls an IOCTL with invalid input/output buffer...

7.8CVSS5.8AI score0.00075EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:43 p.m.3 views

CVE-2025-47408

Memory corruption when another driver calls an IOCTL with invalid input/output buffer...

7.8CVSS5.8AI score0.00075EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.9 views

PT-2026-36844

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when another driver calls an IOCTL Input/Output Control, which is a device driver communication mechanism, using an invalid input or...

7.8CVSS5.8AI score0.00075EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. There are security vulnerabilities in Qualcomm Chipsets, which stem from the use of an ineffective output buffer to process camera sensor input/output control codes, potentially leading to memory...

7.8CVSS5.9AI score0.00075EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an unchecked response buffer size in the QUERYINFO path of the smb2ioctlqueryinfo function. This...

8.1CVSS5.9AI score0.00307EPSS
Exploits0References1
Amazon
Amazon
added 2026/04/30 12:0 a.m.5 views

Important: openexr

Issue Overview: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signe...

8.6CVSS5.4AI score0.00482EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2026/04/27 5:41 a.m.9 views

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow has been discovered in FreeRDP. This heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory...

9.8CVSS5.6AI score0.00453EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/24 5:19 p.m.32 views

CVE-2026-41681 rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVPDigestFinal always writes EVPMDCTXsizectx to the out buffer. If out is smaller than that, MdCtxRef::digestfinal writes past its end, usually corrupting the stack. This is reachable from sa...

9.3CVSS0.00373EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/04/23 8:8 a.m.6 views

ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()

...

9.8CVSS5.2AI score0.00502EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/04/23 4:0 a.m.5 views

CVE-2026-41988

uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue...

3.2CVSS5.3AI score0.00138EPSS
Exploits0
Rows per page
Query Builder