474 matches found
CVE-2026-14454 Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...
CVE-2026-14454
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...
EUVD-2026-42226
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...
CVE-2026-14454
Imager for Perl prior to 1.033 mishandles unsigned EXIF IFD entry counts by treating them as signed, potentially causing an attempt to allocate a block near the address space and terminating a worker process. This can be triggered by crafting an image with crafted EXIF data. The published fix is ...
CVE-2026-20213
A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PE file...
CVE-2026-58051
A flaw in libssh2 allows a malicious SSH server to send a malformed public key response, triggering an invalid memory cleanup. This can cause the connecting client application to crash or leak information. Mitigation To mitigate this issue, ensure your applications connect only to trusted and...
CVE-2026-4526
In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
CVE-2026-47149
In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...
CVE-2026-47150
In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the...
EUVD-2026-39405
In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the...
VulnCheck KEV: CVE-2025-1055
A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected ...
MAL-2026-5554 Malicious code in express-self-destruct2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c21246439a04267591c998594f92ac1267c86698f5dcc3463ad2cd932abb04dc On install, the package's postinstall hook scripts/inject.js locates the installer's project root and main entry from package.json or fallbacks...
Improper Resource Shutdown or Release
Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to improper handling of process termination signals in the timeout mechanism by using the catchable SIGALRM signal instead of the uncatchable SIGKILL signal. An attacker can cause resource...
CVE-2026-44902
A flaw was found in opentelemetry-js, specifically within the OpenTelemetry JavaScript JS Prometheus exporter. A remote attacker could exploit this vulnerability by sending a single malformed HTTP request to the metrics endpoint. This lack of proper error handling during URL parsing can cause an...
CVE-2026-40060
When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-40604
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension bundle ID uk.craigbass.clearancekit.opfilter can be suspended with SIGSTOP or kill -STOP, or killed with SIGKILL/SIGTERM, by any...
CVE-2026-35081
CVE-2026-35081 documents an Arbitrary process termination vulnerability in the ugw-logstop method. A remote attacker with user privileges can terminate arbitrary processes due to insufficient input validation. The Connected documents provide the description and CVSS metrics (CVSSv4.0 base 7.2 HIG...
CVE-2026-35081 Arbitrary process termination vulnerability in method ugw-logstop
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...
MBS多款产品 输入验证错误漏洞
MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have a vulnerability related to input validation errors. This vulnerability stems from the insufficient input validation provided by the ugw-logstop method,...
CVE-2026-44319 free5GC: NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications, the notifier calls NnefPFDmanagementNotify... and on any delivery error...