Lucene search
K

24 matches found

OSV
OSV
added 2026/06/19 9:17 p.m.10 views

DEBIAN-CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References1
NVD
NVD
added 2026/06/19 9:17 p.m.9 views

CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS0.00227EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/19 8:9 p.m.21 views

CVE-2026-49295 libde265 has an out-of-bounds write in process_reference_picture_set via predicted short-term RPS

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS0.00227EPSS
Exploits1References2
CVE
CVE
added 2026/06/19 8:9 p.m.26 views

CVE-2026-49295

CVE-2026-49295 affects libde265. Before version 1.0.20, crafted H.265 bitstreams can trigger an out-of-bounds write in decoder_context::process_reference_picture_set() due to a missing aggregate bound check on predicted short-term reference picture set entries; while individual list sizes are che...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 8:9 p.m.6 views

CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/19 8:9 p.m.6 views

CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS5.9AI score0.00227EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-51026

Name of the Vulnerable Software and Affected Versions libde265 versions prior to 1.0.20 Description An open source implementation of the h.265 video codec contains an issue where a crafted H.265 bitstream can trigger an out-of-bounds array write within the decoder context::process reference pictu...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2002-1981

Malware in sbrugna...

1.2CVSS6.4AI score0.00295EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2011-4434

Malware in sbrugna...

9.3CVSS6.1AI score0.03119EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/05 1:53 p.m.28 views

CVE-2024-53702

Use of cryptographically weak pseudo-random number generator PRNG vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret...

0.00341EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.12 views

Zero address Salt used in Creating delegate contract

Lines of code Vulnerability details Impact A zero-valued salt used, means an attacker can predict the contract address of a new delegate, this can lead an attacker to create the ERC20ProxyDelegator on behalf of the user, this is to allow for max access to the tokens to be transfered Proof of...

7.1AI score
Exploits0
Huntr
Huntr
added 2023/01/24 2:25 p.m.21 views

FusionCMS (FusionGen) Takeover account - Predictable Key and Password Generation in Password Recovery Feature

Description It was discovered that the password recovery feature on the website is vulnerable to predictable key and password generation. An attacker is able to predict the key used in the password recovery process and the generated password itself by using a specific PHP command and the user's...

0.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/12/24 12:0 a.m.7 views

The vulnerability of the PV_DecodePredictedIntraDC function (dec_pred_intra_dc.cpp) in the Android operating system allows a hacker to execute arbitrary code.

The vulnerability of the PVDecodePredictedIntraDC function decpredintradc.cpp in the Android operating system is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10CVSS7.8AI score0.01345EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2022/07/12 4:0 p.m.41 views

CVE-2022-28693

Unprotected alternative channel of return branch target prediction in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

4.7CVSS6.4AI score0.00165EPSS
Exploits0References6
NVD
NVD
added 2021/06/08 1:15 p.m.29 views

CVE-2020-26516

A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application...

8.8CVSS0.00849EPSS
Exploits1References2
Prion
Prion
added 2021/06/08 1:15 p.m.16 views

Cross site request forgery (csrf)

A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application...

6.8CVSS8.6AI score0.00849EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2021/03/21 12:56 a.m.48 views

CVE-2019-10184

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...

7.5CVSS4AI score0.03478EPSS
Exploits0References3
Qualys Blog
Qualys Blog
added 2020/05/29 10:42 p.m.201 views

NSA Announces Sandworm Actors Exploiting Exim MTA Vulnerability (CVE-2019-10149)

The Exim MTA vulnerability, initially reported by Qualys in May 2019, is currently being exploited in the wild. Recently, the US National Security Agency NSA announced that Sandworm actors Russian hacker group have been actively exploiting the Exim Mail Transfer Agent vulnerability. Qualys releas...

7.5CVSS0.9AI score0.99961EPSS
Exploits27
OSV
OSV
added 2019/12/09 9:15 p.m.2 views

DEBIAN-CVE-2013-0342

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294...

4.3CVSS5AI score0.01543EPSS
Exploits0References1
OSV
OSV
added 2019/10/11 7:15 p.m.5 views

CVE-2019-2184

In PVDecodePredictedIntraDC of decpredintradc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1...

8.8CVSS6.3AI score0.01345EPSS
Exploits0References1
Rows per page
Query Builder