496 matches found
CVE-2026-44710 pam_usb: NULL pointer dereference from UDisks device fields causes PAM crash and login denial-of-service
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisksdrivegetserial, udisksdrivegetvendor, and udisksdrivegetmodel directly to strcmp without NULL checks. The GIO/UDisks API documentation states these...
CVE-2026-42443
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...
DEBIAN-CVE-2026-42285
GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent...
CVE-2026-31797
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CTiffImg::ReadLine when iccApplyProfiles processes a crafted TIFF image, causing memory disclosure or crash. This vulnerability is fixed in 2.3.1.5...
CVE-2025-48021
The CVE-2025-48021 entry concerns Yokogawa Electric Corporation’s Vnet/IP Interface Package for CENTUM VP R6/R7 (VP6C3300/VP7C3300), affected when R1.07.00 or earlier is installed. The vulnerability is triggered by maliciously crafted packets, and may cause the Vnet/IP software stack to terminate...
CVE-2025-48019
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package for CENTU...
PT-2026-7694
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application cras...
CVE-2020-37131
CVE-2020-37131 affects Nsauditor Product Key Explorer 4.2.2.0. A local denial-of-service flaw can crash the application by pasting a crafted 1000-byte payload (repeating characters) into the Key input. Public references document the input field handling for registration keys as the trigger. Explo...
Easy CD & DVD Cover Creator has a security vulnerability
Easy CD & DVD Cover Creator is a CD/DVD cover creation software developed by Ben Williamson. Version 4.13 of Easy CD & DVD Cover Creator has a security vulnerability; this vulnerability stems from a buffer overflow in the serial number input field, which may cause the application to crash...
PT-2026-3184
NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an application crash and potential system instability...
CVE-2018-18512
A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. The memory storing the sound data is immediately freed, although the sound is still being played asynchronously, leading to a potentially exploitable crash. This vulnerability affects Thunderbird 60.5...
CVE-2020-7560
A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert all versions and Unity Pro former name of EcoStruxure™ Control Expert all versions, that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control...
CVE-2024-2613
Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox 124...
CVE-2025-62372
vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether...
HSEC-2025-0003 Use after free in multithreaded lzma (.xz) decoder
Use after free in multithreaded lzma .xz decoder In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash CVE-2025-31115. The effects include heap use after free and writing to an address based on the null pointer plus ...
EUVD-2018-6711
Malware in sbrugna...
EUVD-2020-3362
Malware in sbrugna...
EUVD-2021-17076
Malware in sbrugna...
EUVD-2002-1948
Malware in sbrugna...
EUVD-2016-10164
Malware in sbrugna...