Lucene search
K

2549 matches found

OSV
OSV
added 2026/07/07 9:17 p.m.2 views

UBUNTU-CVE-2026-58470

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.2AI score0.00247EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/07 7:45 p.m.3 views

CVE-2026-58470 GNU Wget 1.25.0 Integer Overflow via Content-Range Header Parsing

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/07 7:45 p.m.5 views

EUVD-2026-42082

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/07/07 7:45 p.m.4 views

CVE-2026-58470

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/07/07 3:16 p.m.8 views

SUSE CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

7.5CVSS6AI score0.00211EPSS
Exploits0References9
PyPA
PyPA
added 2026/07/07 2:34 p.m.6 views

Invalid char to bool conversion when printing a tensor

ImpactWhen printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzzers will crash. PatchesWe have patched the issue ...

7.5CVSS7.1AI score0.00389EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-1026 Missing validation results in undefined behavior in `QuantizedConv2D`

Impact The implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments: python import tensorflow as tf input = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 filter = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 bad args mininput = tf.constant, shape=0,...

5.5CVSS5.9AI score0.00333EPSS
Exploits1References11
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-955 Undefined behavior when users supply invalid resource handles

Impact Multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid: python import tensorflow as tf tf.rawops.QueueIsClosedV2handle= python import tensorflow as tf tf.summary.flushwriter= In graph mode, it would have been impossible to perform these...

5.5CVSS5.9AI score0.00317EPSS
Exploits1References11
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-1032 Missing validation results in undefined behavior in `SparseTensorDenseAdd

Impact The implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments: python import tensorflow as tf aindices = tf.constant0, shape=17, 2, dtype=tf.int64 avalues = tf.constant, shape=0, dtype=tf.float32 ashape = tf.constant6, 12, shape=2, dtype=tf.int64 b =...

5.5CVSS6.1AI score0.00338EPSS
Exploits1References11
OSV
OSV
added 2026/06/30 11:30 a.m.3 views

OPENSUSE-SU-2026:21183-1 Security update for nilfs-utils

This update for nilfs-utils fixes the following issues: Changes in nilfs-utils: - CVE-2026-55392: Fixed undefined behavior in nilfssbisvalid bsc1268553...

6.7CVSS5.8AI score0.00105EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 7:1 a.m.7 views

CVE-2026-53151

A flaw was found in the Linux kernel's AFRXRPC subsystem. This vulnerability involves incorrect handling of fragmented UDP packets when parsing the SACK Selective Acknowledgment table. An attacker could potentially craft a fragmented UDP packet to trigger an incorrect buffer access within the...

9.8CVSS5.9AI score0.00497EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/24 8:44 p.m.12 views

CVE-2026-52931

A flaw was found in the batman-adv tpmeter module of the Linux kernel. A remote attacker could exploit this vulnerability by sending a specially crafted acknowledgment ACK packet to a node configured as a receiver in an ongoing tpmeter session. This could lead to the use of uninitialized sender...

9.8CVSS5.9AI score0.00404EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

9.8CVSS7AI score0.00418EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, the progressivedecompresstileupgrade function detected mismatches using progressiverfxquantcmpequal, but only emitted a WLogWARN message; execution continued. The wrapped value 247 was used as a shift...

7.5CVSS6.1AI score0.00426EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Firefox

Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

9.1CVSS5.8AI score0.00322EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

8.1CVSS7AI score0.00299EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 8:16 a.m.10 views

CVE-2026-52931

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...

9.8CVSS0.00404EPSS
Exploits0References8
OSV
OSV
added 2026/06/23 3:41 p.m.5 views

SUSE-SU-2026:2599-1 Security update for libarchive

This update for libarchive fixes the following issues - CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches bsc1253088. - CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half-window output limiter leads to infinite loop and DoS bsc1259635. - CVE-2026-4424:...

9.8CVSS7.2AI score0.01073EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/06/22 12:18 p.m.10 views

CVE-2026-55392

A flaw was found in NILFS utilities. An attacker can exploit this vulnerability by supplying a crafted NILFS2 image. This can lead to undefined behavior, oversized shifts, or out-of-memory conditions, ultimately causing a Denial of Service DoS by crashing tools such as nilfs-tune and dumpseg...

6.7CVSS5.8AI score0.00105EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 9:4 a.m.2 views

SUSE-SU-2026:22248-1 Security update for libarchive

This update for libarchive fixes the following issues - CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches bsc1253088. - CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half-window output limiter leads to infinite loop and DoS bsc1259635. - CVE-2026-4424:...

9.8CVSS7.3AI score0.01073EPSS
Exploits1References11
Rows per page
Query Builder