Lucene search
+L

13 matches found

SUSE CVE
SUSE CVE
added 2026/07/11 3:26 a.m.6 views

SUSE CVE-2026-39243

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

5.5CVSS6.2AI score0.00248EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/10 12:31 a.m.8 views

EUVD-2026-42768

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

5.5CVSS6.1AI score0.00248EPSS
Exploits1References4
NVD
NVD
added 2026/07/09 10:17 p.m.8 views

CVE-2026-39243

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

5.5CVSS0.00248EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/09 12:0 a.m.30 views

CVE-2026-39243

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

0.00248EPSS
Exploits1References3
CVE
CVE
added 2026/07/09 12:0 a.m.9 views

CVE-2026-39243

The CVE-2026-39243 entry concerns decompress before 4.2.2, where archive extraction can create arbitrary hardlinks. During processing of hardlink entries (type === 'link'), the x.linkname field is passed directly to fs.link() without validation, enabling an attacker to craft an archive whose hard...

5.5CVSS6.1AI score0.00248EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.8 views

PT-2026-56968

Name of the Vulnerable Software and Affected Versions decompress versions prior to 4.2.2 Description An issue exists during archive extraction where arbitrary hardlink creation is possible. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly ...

5.5CVSS6.2AI score0.00248EPSS
Exploits1References6
OSV
OSV
added 2024/11/22 9:15 p.m.3 views

CVE-2024-8839

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target...

5.5CVSS4.9AI score0.00261EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/15 10:12 a.m.28 views

CVE-2024-20725 Adobe Substance 3D Painter v9.0.1Build2822 OOBR Vulnerability I

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a...

5.5CVSS5.9AI score0.00245EPSS
Exploits0References1
OSV
OSV
added 2023/09/04 3:15 a.m.5 views

CVE-2023-20843

In imgsyscmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119...

4.2CVSS5.7AI score0.00091EPSS
Exploits0References1
OSV
OSV
added 2023/06/06 1:15 p.m.8 views

CVE-2023-20728

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573603; Issue ID: ALPS07573603...

4.4CVSS5.9AI score0.00093EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:14 a.m.3 views

SUSE CVE-2019-9453

In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation...

4.4CVSS7.5AI score0.00179EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/10/25 12:0 a.m.7 views

MediaTek flv extractor 缓冲区错误漏洞

MediaTek flv extractor is a chipset from Mediatek, a Chinese company. MediaTek flv extractor suffers from a buffer error vulnerability that stems from a lack of bounds checking, which could result in an out-of-bounds read. This could lead to the disclosure of local information without additional...

5.5CVSS6.1AI score0.00112EPSS
Exploits0References2
OSV
OSV
added 2021/02/04 8:15 p.m.6 views

CVE-2021-25248

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One on-prem and SaaS, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 and Services could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain t...

5.5CVSS6.2AI score0.00887EPSS
Exploits0References4
Rows per page
Query Builder