Lucene search
+L

189 matches found

cve
cve
added 2026/06/24 4:28 p.m.13 views

CVE-2026-52964

Summary of CVE-2026-52964 : A flaw in the Linux kernel’s ALSA USB-audio path (USB MIDI 2.0 endpoint parser) fails to validate descriptor lengths for the MIDI 2.0 endpoint, allowing a malformed device to cause out-of-bounds reads on baAssoGrpTrmBlkID[] due to walking endpoint extras before verifyi...

5.5CVSS5.7AI score0.00127EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2026/06/10 2:16 a.m.11 views

CVE-2026-45160

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

6.5CVSS0.00246EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/05 7:14 p.m.13 views

CVE-2026-37532

AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotpcontinuereceive receive.c:87-89, the payloadlength for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8...

7.1CVSS5.7AI score0.00232EPSS
Exploits0References1
osv
osv
added 2026/05/05 6:3 p.m.11 views

CLSA-2026-1778004214 vim: Fix of 5 CVEs

CVE-2022-2124: fix out-of-bounds read in currentquote when searching for quotes goes over the end of the line textobject.c, upstream patch 8.2.5120 - CVE-2022-2126: fix invalid index use in suggesttriewalk when tsfidx is zero spellsuggest.c, upstream patch 8.2.5123 - CVE-2022-2207: fix read...

7.8CVSS7.1AI score0.02122EPSS
Exploits5References1
osv
osv
added 2026/05/05 11:22 a.m.27 views

CLSA-2026-1777980164 vim: Fix of 5 CVEs

CVE-2022-2124: fix out-of-bounds read in currentquote when searching for quotes goes over the end of the line textobject.c, upstream patch 8.2.5120 - CVE-2022-2126: fix invalid index use in suggesttriewalk when tsfidx is zero spellsuggest.c, upstream patch 8.2.5123 - CVE-2022-2207: fix read...

7.8CVSS7.1AI score0.02122EPSS
Exploits5References1
attackerkb
attackerkb
added 2026/05/01 12:0 a.m.2 views

CVE-2026-37532

AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotpcontinuereceive receive.c:87-89, the payloadlength for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8...

7.1CVSS5.8AI score0.00232EPSS
Exploits0References3
cve
cve
added 2026/05/01 12:0 a.m.17 views

CVE-2026-37532

CVE-2026-37532 affects AGL agl-service-can-low-level up to version 17.1.12, with a heap buffer over-read in the isotp-c library. In isotp_continue_receive, payload_length for a Single Frame is read from a 4-bit nibble, yielding 0–15, but a standard CAN frame has only 8 bytes and payload starts at...

7.1CVSS5.8AI score0.00232EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/04/30 9:11 a.m.8 views

CLSA-2026-1777540266 vim: Fix of 10 CVEs

CVE-2022-2182: in doonecmd, after ";" sets curwin-wcursor.lnum to ea.line2, call checkcursor instead of checkcursorlnum so the column is validated too, and fall back to checkcursorcol when ea.line2 is zero, preventing read past end-of-line on ":0;'". - CVE-2022-2206: in checkshellsize, clamp...

7.8CVSS7AI score0.02645EPSS
Exploits10References1
nessus
nessus
added 2026/04/14 12:0 a.m.2 views

Adobe InDesign < 20.5.3 / 21.0 < 21.3.0 Multiple Vulnerabilities (APSB26-32) (macOS)

The version of Adobe InDesign installed on the remote macOS host is prior to 20.5.3, 21.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-32 advisory. - Heap-based Buffer Overflow CWE-122 potentially leading to Arbitrary code execution CVE-2026-34627,...

7.8CVSS6.5AI score0.00178EPSS
Exploits0References10
cve
cve
added 2026/03/20 8:32 p.m.26 views

CVE-2026-33165

libde265 prior to v1.0.17 is affected by a heap out-of-bounds write triggered by a crafted HEVC bitstream. The root cause is a stale ctb_info.log2unitSize after an SPS change, where PicWidthInCtbsY and PicHeightInCtbsY remain constant while Log2CtbSizeY changes, causing set_SliceHeaderIndex to in...

5.5CVSS5.7AI score0.00232EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2026/02/10 7:15 p.m.12 views

CVE-2026-21345

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...

7.8CVSS0.00157EPSS
Exploits0References1
astralinux
astralinux
added 2026/01/27 5:1 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: ignore xattrs past end Once inside 'ext4xattrinodedecrefall' we should ignore xattrs entries past the 'end' entry. This fixes the following KASAN reported issue:...

7.8CVSS6.4AI score0.00167EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/01/09 10:49 a.m.8 views

CVE-2022-37368

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

5.5CVSS5.5AI score0.0073EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 9:6 a.m.7 views

CVE-2020-17401

This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists...

6CVSS6.3AI score0.00553EPSS
Exploits0References1
cve
cve
added 2025/12/31 6:58 a.m.32 views

CVE-2025-15270

FontForge SFD File Parsing vulnerabilities (CVE-2025-15270) arise from improper validation of data while parsing SFD files, causing out-of-bounds writes and remote code execution. The connected Mageia advisory confirms a FontForge fix in updated packages; other sources describe the same issue and...

8.8CVSS7.2AI score0.00581EPSS
Exploits0References1Affected Software1
mscve
mscve
added 2025/11/01 1:1 a.m.4 views

bnxt: Do not read past the end of test names

...

5.5CVSS7AI score0.00176EPSS
Exploits0
nessus
nessus
added 2025/10/06 12:0 a.m.5 views

RockyLinux 10 : kernel (RLSA-2025:9348)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:9348 advisory. kernel: proc: fix UAF in procgetinode CVE-2025-21999 kernel: ext4: fix off-by-one error in dosplit CVE-2025-23150 kernel: ext4: ignore xattrs past end...

7.8CVSS7.2AI score0.002EPSS
Exploits0References7
nessus
nessus
added 2025/09/10 12:0 a.m.8 views

EulerOS 2.0 SP12 : libarchive (EulerOS-SA-2025-2013)

According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and...

7.8CVSS6.7AI score0.00341EPSS
Exploits2References5
nessus
nessus
added 2025/08/27 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2022-1534

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Over-read at parserawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program reads data past the end of the intente...

7.1CVSS6.5AI score0.00342EPSS
Exploits1References2
suse
suse
added 2025/08/20 11:36 a.m.4 views

Security update for libarchive

This update for libarchive fixes the following issues: CVE-2025-5914: Fixed double free due to an integer overflow in the archivereadformatrarseekdata function bsc1244272 CVE-2025-5915: Fixed heap buffer over read in copyfromlzsswindow at archivereadsupportformatrar.c bsc1244273 CVE-2025-5916:...

7.3CVSS7AI score0.00341EPSS
Exploits2References20
Rows per page
Query Builder