Lucene search
K

250 matches found

Cvelist
Cvelist
added 2026/06/30 11:8 p.m.33 views

CVE-2026-54500 Oj: intern.c form_attr has an uninitialized stack read

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surfac...

5.3CVSS0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/26 9:14 a.m.5 views

CVE-2026-53243

A flaw was found in the Linux kernel. An uninitialized stack variable in the rseqexituserupdate function can lead to an information leak. This occurs due to an indeterminate sequencing of expressions during the initialization of the rseqids structure, where ids.nodeid is assigned using an...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53243

In the Linux kernel, the following vulnerability has been resolved: rseq: Fix using an uninitialized stack variable in rseqexituserupdate There is an bug in which an uninitialized stack variable is used in rseqexituserupdate as reported by syzbot: BUG: KMSAN: kernel-infoleak in rseqsetidsgetcsadd...

5.5CVSS5.7AI score0.00112EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-52995

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/rds: zero per-item info buffer before handing it to visitors rdsforeachconninfo and rdswalkconnpathinfo both hand a caller-allocated on-stack u64 buffer to ...

6.2AI score0.00176EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 5:17 p.m.5 views

CVE-2026-52995

In the Linux kernel, the following vulnerability has been resolved: net/rds: zero per-item info buffer before handing it to visitors rdsforeachconninfo and rdswalkconnpathinfo both hand a caller-allocated on-stack u64 buffer to a per-connection visitor and then copy the full itemlen bytes back to...

0.00176EPSS
Exploits0References8
NVD
NVD
added 2026/06/09 11:17 p.m.12 views

CVE-2026-9754

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

7.1CVSS0.00224EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:17 p.m.17 views

UBUNTU-CVE-2026-9754

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

7.1CVSS5.3AI score0.00224EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from...

7.1CVSS5.3AI score0.00224EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 3:18 p.m.7 views

JLSEC-2026-569

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability...

7.5CVSS5.9AI score0.00371EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.11 views

PT-2026-49252

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability...

7.5CVSS5.7AI score
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/30 1:50 a.m.39 views

CVE-2026-48840

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...

5.3CVSS5.8AI score0.00264EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/28 7:50 p.m.14 views

CVE-2026-46132

A flaw was found in the Linux kernel's rtnetlink component. The rtnlfillvfinfo function declares a structure on the stack without full initialization. When processing RTMGETLINK requests with a specific attribute, an unprivileged local process can exploit this to read up to 26 bytes of...

7CVSS5.8AI score0.00128EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A vulnerability related to uninitialized stack variables has been identified in the gstmatroskademuxaddwvpkheader function within matroska-demux.c. When the size is less than 4, the program calls gstbufferunmap with an...

9.8CVSS8.2AI score0.01005EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/17 6:30 p.m.6 views

EUVD-2026-12586

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.5 views

OpenSSH 安全漏洞

OpenSSH OpenBSD Secure Shell is a set of open-source connection tools developed by OpenBSD in Canada for secure access to remote computers. This tool is an open-source implementation of the SSH protocol, supporting encryption of all transmissions. It effectively prevents eavesdropping, connection...

6.9CVSS7.2AI score0.0218EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/27 8:27 a.m.4 views

CVE-2026-24798 An Uninitialized stack variable vulnerability in GaijinEntertainment/DagorEngine

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine prog/3rdPartyLibs/miniupnpc modules. This vulnerability is associated with program files upnpreplyparse.C. This issue affects DagorEngine: through dagor20250115...

9.3CVSS5.9AI score0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/27 8:27 a.m.42 views

CVE-2026-24798 An Uninitialized stack variable vulnerability in GaijinEntertainment/DagorEngine

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine prog/3rdPartyLibs/miniupnpc modules. This vulnerability is associated with program files upnpreplyparse.C. This issue affects DagorEngine: through dagor20250115...

9.3CVSS0.00276EPSS
Exploits0References1
CVE
CVE
added 2026/01/27 8:27 a.m.30 views

CVE-2026-24798

CVE-2026-24798 concerns an improper restriction of operations within the bounds of a memory buffer tied to GaijinEntertainment’s DagorEngine (and related 3rd‑party modules such as miniupnpc). Connected sources indicate affected software/versions include DagorEngine up to dagor_2025_01_15, Cardboa...

9.3CVSS5.9AI score0.00276EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001244)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001244 advisory. Incorrect error handling in the setmempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive...

5.5CVSS6.4AI score0.00413EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

MiracleLinux 7 : qemu-kvm-1.5.3-167.el7 (AXSA:2019-4177:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4177:04 advisory. QEMU: Slirp: information leakage in tcpemu due to uninitialized stack variables CVE-2019-9824 Tenable has extracted the preceding description block directly...

5.5CVSS6.6AI score0.00515EPSS
Exploits0References2
Rows per page
Query Builder