Lucene search
K

325 matches found

Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-59936 pypdf: Possible infinite loop for not terminated inline images

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in...

8.7CVSS0.00301EPSS
Exploits0References4
CVE
CVE
added 2 days ago7 views

CVE-2026-59936

Technical details about CVE-2026-59936 are not publicly available in the provided documents. Monitor for updates from official advisories to learn affected versions, impact, and fixes.

8.7CVSS6AI score0.00301EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/20 12:28 a.m.10 views

kernel: Buffer overflow in drivers/xen/sys-hypervisor.c

A flaw was found in the Linux kernel. A buffer overflow vulnerability exists in the Xen hypervisor driver drivers/xen/sys-hypervisor.c. This flaw occurs because the HYPERVISORxenversionXENVERbuildid function returns a build ID that is not properly null-terminated. When the buildidshow function...

7.8CVSS6.1AI score0.00197EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/16 7:17 p.m.8 views

kernel: Buffer overflow in drivers/xen/sys-hypervisor.c

A flaw was found in the Linux kernel. A buffer overflow vulnerability exists in the Xen hypervisor driver drivers/xen/sys-hypervisor.c. This flaw occurs because the HYPERVISORxenversionXENVERbuildid function returns a build ID that is not properly null-terminated. When the buildidshow function...

7.8CVSS5.7AI score0.00197EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/16 6:39 p.m.6 views

kernel: Buffer overflow in drivers/xen/sys-hypervisor.c

A flaw was found in the Linux kernel. A buffer overflow vulnerability exists in the Xen hypervisor driver drivers/xen/sys-hypervisor.c. This flaw occurs because the HYPERVISORxenversionXENVERbuildid function returns a build ID that is not properly null-terminated. When the buildidshow function...

7.8CVSS5.7AI score0.00197EPSS
Exploits0References5
OSV
OSV
added 2026/06/10 5:7 a.m.12 views

MGASA-2026-0188 Updated jq packages fix security vulnerabilities

An integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. CVE-2024-23337 It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of...

8.7CVSS6AI score0.00559EPSS
Exploits8References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-45252

When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel...

5.5CVSS5.6AI score0.00284EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 6:4 p.m.11 views

CVE-2026-43623 microtar 0.1.0 Stack-Based Buffer Overflow via raw_to_header()

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the rawtoheader function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy to copy...

8.8CVSS6AI score0.00318EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/01 6:4 p.m.13 views

EUVD-2026-33741

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the rawtoheader function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy to copy...

8.8CVSS6AI score0.00318EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/01 6:4 p.m.11 views

CVE-2026-43623

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the rawtoheader function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy to copy...

8.8CVSS6AI score0.00318EPSS
Exploits0References5
CVE
CVE
added 2026/06/01 6:4 p.m.20 views

CVE-2026-43623

CVE-2026-43623 affects microtar up to version 0.1.0. A stack-based buffer overflow in the raw_to_header() function (src/microtar.c) can be triggered by crafted TAR archives with non-null-terminated name or linkname fields. The function uses strcpy() to copy 100-byte ustar fields, which can write ...

8.8CVSS6AI score0.00318EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.19 views

PT-2026-45517

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw to header function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy to copy...

8.8CVSS6AI score0.00318EPSS
Exploits0References5
OSV
OSV
added 2026/05/28 3:43 p.m.13 views

RLSA-2026:19365 Important: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/21 9:8 a.m.38 views

CVE-2026-45252 Heap overflow in FUSE_LISTXATTR

When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel...

0.00284EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 9:8 a.m.12 views

CVE-2026-45252 Heap overflow in FUSE_LISTXATTR

When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel...

5.8AI score0.00284EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:8 a.m.7 views

CVE-2026-45252

When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel...

5.5CVSS5.8AI score0.00284EPSS
Exploits0References2
OSV
OSV
added 2026/05/21 5:15 a.m.8 views

USN-8202-3 jq regression

USN-8202-1 fixed vulnerabilities in jq. The update caused a regression for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An...

7.5CVSS6AI score0.00366EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Fuse: Fixed corruption of the io-uring list for terminated, uncommitted requests. When a request terminates before it has been committed, the request is not removed from the queue’s list. This results in a dangling list entry,...

5.4AI score0.00155EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: powerpc/paprscm: Fixed the issue where elements of nvdimmeventsmap were leaking during calls to paprscmpmucheckevents, paprscmremove, and paprscmpmuregister. Additionally, the error paths in paprscmpmucheckevents were correcte...

5.5CVSS6.5AI score0.00209EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 10:19 p.m.12 views

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
Rows per page
Query Builder