Lucene search
K

669 matches found

Microsoft CVE
Microsoft CVE
added yesterday9 views

Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack

...

8.4CVSS6.1AI score0.00196EPSS
Exploits0
OSV
OSV
added 3 days ago3 views

CVE-2026-57432 Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack

Perl versions through 5.43.10 have an integer overflow in Smeasurestruct leading to an out-of-bounds heap read in pack and unpack. Smeasurestruct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the...

8.4CVSS6.2AI score0.00196EPSS
Exploits0References7
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-57432 Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack

Perl versions through 5.43.10 have an integer overflow in Smeasurestruct leading to an out-of-bounds heap read in pack and unpack. Smeasurestruct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the...

0.00196EPSS
Exploits0References2
CVE
CVE
added 3 days ago12 views

CVE-2026-57432

CVE-2026-57432 detail (supported by connected docs): Perl versions through 5.43.10 contain an integer overflow in the S_measure_struct function that sums item sizes (size × repeat) without overflow checks. A large repeat count in a pack or unpack template can wrap the signed SSize_t total negativ...

8.4CVSS6.2AI score0.00196EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 3 days ago2 views

Linux Distros Unpatched Vulnerability : CVE-2026-57432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Perl versions through 5.43.10 have an integer overflow in Smeasurestruct leading to an out-of-bounds heap read in pack and unpack. Smeasurestruct adds each item...

8.4CVSS6.2AI score0.00196EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 5:16 p.m.10 views

CVE-2026-10652

Zephyr's DNS resolver subsys/net/lib/dns parses resource records from DNS responses in dnsunpackanswer, which validated only the fixed RR header type, class, TTL, rdlength and accepted any attacker-declared rdlength, including one extending past the end of the received datagram. The TXT and SRV...

7.4CVSS0.00252EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/30 6:29 a.m.7 views

CVE-2026-14164

A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...

7.5CVSS5.7AI score0.0035EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-469 PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack`

| Field | Value | |---|---| | Severity | Critical | | Type | Path traversal -- arbitrary file write via tar.extract without member validation | | Affected | src/praisonai/praisonai/cli/features/recipe.py:1170-1172 | Summary cmdunpack in the recipe CLI extracts .praison tar archives using raw...

9.4CVSS6AI score0.00379EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52341

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the SCTP server's processing of COOKIE ECHO chunks. When parsing the cached peer INIT chunk embedded after the cookie, the system fails to validate the chunk header leng...

9.8CVSS6.1AI score0.00481EPSS
Exploits0References17
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: AppArmor: A memory leak was fixed in the verifyheader function. The function sets ns = NULL on every call, causing a memory leak for the namespace string allocated in previous iterations when multiple profiles are unpacked. This...

5.5CVSS5.7AI score0.00177EPSS
Exploits0References3
Redos
Redos
added 2026/06/15 12:0 a.m.8 views

ROS-20260615-73-0014

The vulnerability of the smartcardunpackreadsizealign function libfreerdp/utils/smartcardpack.c:1703 is related to the use of the assert or similar operator in the RDP client FreeRDP. Exploiting this vulnerability may allow a remote attacker to cause the application to terminate abnormally...

6.5CVSS6.4AI score0.00256EPSS
Exploits1
Redos
Redos
added 2026/06/15 12:0 a.m.11 views

ROS-20260615-73-0013

The vulnerability of the smartcardunpackreadsizealign function libfreerdp/utils/smartcardpack.c:1703 is related to the use of the assert or similar operator in the RDP client FreeRDP. Exploiting this vulnerability may allow a remote attacker to cause the application to terminate abnormally...

6.5CVSS6.4AI score0.00256EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-6650

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zbusers/plugin/AppCentre/appupload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available an...

5.8CVSS5.1AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-41010

ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...

8.7CVSS5.7AI score0.00122EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Cloud Foundry BOSH Director 安全漏洞

Cloud Foundry BOSH Director is a cloud infrastructure deployment and lifecycle management platform developed by the US Cloud Foundry company. All versions of Cloud Foundry BOSH Director, as well as previous versions, have security vulnerabilities. These vulnerabilities stem from the use of the na...

8.7CVSS5.5AI score0.00122EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 6:16 p.m.31 views

CVE-2026-46254

In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on various architectures...

5.5CVSS0.00114EPSS
Exploits0References4
Cloud Foundry
Cloud Foundry
added 2026/06/02 12:0 a.m.9 views

CVE-2026-41010 - Release Job Name Command Injection on BOSH Director | Cloud Foundry

CVSSv4: High 8.7 CVSS:4.0:/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSSv3: High 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Vendor Cloud Foundry Foundation Versions Affected Severity is HIGH unless otherwise noted. BOSH Director – All versions prior to v282.1.12 Description...

8.7CVSS6AI score0.00122EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/30 1:59 a.m.12 views

SUSE CVE-2026-49127

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

8.8CVSS6.1AI score0.0051EPSS
Exploits0References3
NVD
NVD
added 2026/05/28 8:16 p.m.11 views

CVE-2026-49127

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

8.8CVSS0.0051EPSS
Exploits0References7
OSV
OSV
added 2026/05/28 8:16 p.m.47 views

UBUNTU-CVE-2026-49127

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

8.8CVSS6.1AI score0.0051EPSS
Exploits0References9
Rows per page
Query Builder