Lucene search
+L

1292 matches found

vulnrichment
vulnrichment
added 2026/05/11 10:17 p.m.9 views

CVE-2026-34963 barebox EFI PE Loader Memory Safety Vulnerabilities

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

8.6CVSS6.3AI score0.00157EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/11 10:17 p.m.41 views

CVE-2026-34963 barebox EFI PE Loader Memory Safety Vulnerabilities

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

8.6CVSS0.00157EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/11 12:0 a.m.10 views

Barebox 输入验证错误漏洞

Barebox is a versatile and flexible bootloader developed by Barebox Open Source. Versions of barebox prior to 2026.04.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows and unvalidated boundaries within the EFI PE loader, which could...

8.6CVSS6.1AI score0.00157EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/11 12:0 a.m.29 views

PT-2026-39869

Name of the Vulnerable Software and Affected Versions barebox versions prior to 2026.04.0 Description Multiple memory-safety issues exist in the EFI PE loader within the efi/loader/pe.c file. An integer overflow occurs during virtual image size computation when using 32-bit arithmetic on section...

8.6CVSS6.3AI score0.00157EPSS
Exploits0References6
nvd
nvd
added 2026/04/15 4:17 a.m.8 views

CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

8.4CVSS0.01184EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/04/15 2:5 a.m.4 views

CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

8.4CVSS6.1AI score0.01184EPSS
Exploits1References7
alpinelinux
alpinelinux
added 2026/04/15 2:5 a.m.8 views

CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

8.4CVSS6.1AI score0.01184EPSS
Exploits1References5
debiancve
debiancve
added 2026/04/15 2:5 a.m.27 views

CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

8.4CVSS5.8AI score0.01184EPSS
Exploits1
susecve
susecve
added 2026/04/10 11:25 p.m.4 views

SUSE CVE-2026-39856

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...

5.5CVSS5.8AI score0.00143EPSS
Exploits0References3
nvd
nvd
added 2026/04/09 5:16 p.m.9 views

CVE-2026-39856

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...

5.5CVSS0.00143EPSS
Exploits0References3
nvd
nvd
added 2026/04/09 5:16 p.m.5 views

CVE-2026-39855

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When page hash processing is performed on a PE file, the function...

5.5CVSS0.00143EPSS
Exploits0References3
osv
osv
added 2026/04/09 5:16 p.m.2 views

DEBIAN-CVE-2026-39856

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...

5.5CVSS5.5AI score0.00143EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/04/09 5:16 p.m.3 views

CVE-2026-39855

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When page hash processing is performed on a PE file, the function...

5.5CVSS5.9AI score0.00143EPSS
Exploits0References4
osv
osv
added 2026/04/09 5:16 p.m.6 views

UBUNTU-CVE-2026-39856

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...

5.5CVSS5.8AI score0.00143EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2026/04/09 4:16 p.m.5 views

CVE-2026-39853

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...

7.8CVSS6.1AI score0.00163EPSS
Exploits0References4
osv
osv
added 2026/04/09 4:16 p.m.8 views

UBUNTU-CVE-2026-39853

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...

7.8CVSS6.1AI score0.00163EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/04/09 4:3 p.m.4 views

CVE-2026-39856 osslsigncode has an Out-of-Bounds Read via Unvalidated Section Bounds in PE Page Hash Calculation

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...

5.5CVSS5.8AI score0.00143EPSS
Exploits0References3
euvd
euvd
added 2026/04/09 4:3 p.m.4 views

EUVD-2026-20946

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...

5.5CVSS6AI score0.00143EPSS
Exploits0References3
cvelist
cvelist
added 2026/04/09 4:3 p.m.19 views

CVE-2026-39856 osslsigncode has an Out-of-Bounds Read via Unvalidated Section Bounds in PE Page Hash Calculation

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...

5.5CVSS0.00143EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/09 4:3 p.m.2 views

CVE-2026-39856

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...

5.5CVSS6AI score0.00143EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder