Lucene search
K

322 matches found

CVE
CVE
added 2026/07/07 7:47 p.m.15 views

CVE-2026-58471

GNU Wget up to 1.25.0 contains a heap buffer overflow in convert_fname() (src/url.c) that can be triggered by a server-supplied filename requiring character set conversion. When the output buffer is too small and iconv E2BIG reallocates, the remaining space is miscalculated, allowing memory corru...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 7:47 p.m.4 views

CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score0.00221EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/07 7:47 p.m.4 views

CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

7.1CVSS6.2AI score0.00221EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/07/07 7:47 p.m.5 views

CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 7:47 p.m.6 views

CVE-2026-58471 GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score0.00221EPSS
Exploits0References5
OSV
OSV
added 2026/06/28 1:32 a.m.4 views

CVE-2026-58051 libssh2 - Free of Uninitialized Pointer in publickey List Cleanup

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS6.6AI score0.0028EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53083

Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.2 Description An issue exists in the public key parsing process where the software expands its public key list using SSH2 REALLOC but fails to zero-initialize new entries before they are populated. If a parse...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/27 3:5 a.m.10 views

CVE-2026-53228

A flaw was found in the Linux kernel's Simple Internet Transition SIT tunnel driver for IPv6. When processing network traffic with Generic Segmentation Offload GSO enabled, the driver may use a stale pointer to the inner IPv6 header after the socket buffer skb head has been reallocated. This can...

9.8CVSS5.8AI score0.00559EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 6:29 p.m.7 views

CVE-2026-56132

A flaw was found in libexpat, a library used for parsing XML data. An attacker could exploit a heap-based buffer overflow, a type of memory error, by providing specially crafted XML input. This vulnerability occurs when the library mishandles memory reallocation while processing XML, particularly...

6.9CVSS6.2AI score0.00107EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 9:55 p.m.7 views

CVE-2026-52993

A flaw was found in the Linux kernel's Transparent Inter-Process Communication TIPC module. This vulnerability, a double-free, occurs when the tipcbufappend function incorrectly handles memory after a socket buffer skb reallocation. An attacker could potentially exploit this to cause system...

9.8CVSS6.2AI score0.00351EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 8:39 a.m.1 views

CVE-2026-53213 drm/vc4: fix krealloc() memory leak

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: fix krealloc memory leak Don't just overwrite the original pointer passed to krealloc with its return value without checking latter: MEM = kreallocMEM, SZ, GFP; If krealloc returns NULL, that erases the pointer to the...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-52993

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tipc: fix double-free in tipcbufappend tipcmsgvalidate can potentially reallocate the skb it is validating, freeing the old one. In tipcbufappend, it was being...

9.8CVSS6AI score0.00351EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38861

In the Linux kernel, the following vulnerability has been resolved: tipc: fix double-free in tipcbufappend tipcmsgvalidate can potentially reallocate the skb it is validating, freeing the old one. In tipcbufappend, it was being called with a pointer to a local variable which was a copy of the...

5.7AI score0.00351EPSS
Exploits0References9
CVE
CVE
added 2026/06/24 4:29 p.m.9 views

CVE-2026-53047

CVE-2026-53047 affects the Linux kernel’s efi/capsule-loader. The vulnerability arises from a mis-sized allocation in __efi_capsule_setup_info(): the krealloc() for cap_info->phys uses sizeof(phys_addr_t *) instead of sizeof(phys_addr_t). This can produce an undersized allocation, inconsistent...

6AI score0.00195EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 4:29 p.m.1 views

CVE-2026-53047 efi/capsule-loader: fix incorrect sizeof in phys array reallocation

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect sizeof in phys array reallocation The krealloc call for capinfo-phys in eficapsulesetupinfo uses sizeofphysaddrt instead of sizeofphysaddrt, which might be causing an undersized allocation. The...

6AI score0.00195EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.30 views

CVE-2026-52993 tipc: fix double-free in tipc_buf_append()

In the Linux kernel, the following vulnerability has been resolved: tipc: fix double-free in tipcbufappend tipcmsgvalidate can potentially reallocate the skb it is validating, freeing the old one. In tipcbufappend, it was being called with a pointer to a local variable which was a copy of the...

9.8CVSS0.00351EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 4:29 p.m.2 views

CVE-2026-52993 tipc: fix double-free in tipc_buf_append()

In the Linux kernel, the following vulnerability has been resolved: tipc: fix double-free in tipcbufappend tipcmsgvalidate can potentially reallocate the skb it is validating, freeing the old one. In tipcbufappend, it was being called with a pointer to a local variable which was a copy of the...

9.8CVSS5.8AI score0.00351EPSS
Exploits0References14
CVE
CVE
added 2026/06/24 4:29 p.m.11 views

CVE-2026-52993

Summary (CVE-2026-52993): In the Linux kernel TIPC module, a double-free flaw occurs in tipc_buf_append() when tipc_msg_validate() reallocates an skb and the code incorrectly frees the original skb. The root cause is that the validation path may free a previously freed skb if reallocation occurs,...

9.8CVSS5.7AI score0.00351EPSS
Exploits0References11Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuvensurebuffer in libfreerdp/codec/h264.c, h264-width and h264-height were updated before the reallocation loop. If any winpralignedrecalloc call fails, the function returns FALSE, but width/height have...

7.5CVSS6.3AI score0.00265EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51887

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-free flaw exists in the Transparent Inter-Process Communication TIPC module. The issue occurs within the tipc buf append function when it incorrectly handles memory after a sock...

9.8CVSS6.2AI score0.00351EPSS
Exploits0References89
Rows per page
Query Builder