Lucene search
K

71 matches found

Cvelist
Cvelist
added 2026/07/01 3:33 a.m.35 views

CVE-2026-7838 UltraVNC viewer heap buffer overflow via integer overflow in RFB connection-failure reason length

UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte network-supplied reasonLen field type CARD32 is passed as reasonLen+1 to CheckBufferSize. Because both...

8.8CVSS0.01403EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54488

Name of the Vulnerable Software and Affected Versions UltraVNC viewer versions prior to 1.8.2.3 Description An integer overflow exists in the RFB protocol failure-response parsing path within the vncviewer/ClientConnection.cpp file. The issue occurs when the 4-byte network-supplied reasonLen fiel...

8.8CVSS6.9AI score0.01403EPSS
Exploits0References10
NVD
NVD
added 2026/06/30 1:19 p.m.11 views

CVE-2026-58016

A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

9.1CVSS0.00373EPSS
Exploits1References3
OSV
OSV
added 2026/06/30 1:19 p.m.3 views

UBUNTU-CVE-2026-58016

A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

9.1CVSS5.8AI score0.00373EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/30 1:2 p.m.45 views

CVE-2026-58016 Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"

A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

7.5CVSS0.00373EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/16 10:54 a.m.10 views

libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling

A flaw was found in libexif. A local attacker on a 32-bit system could exploit an unsigned 32-bit integer overflow vulnerability in the Nikon MakerNote handling. This could lead to application crashes or the disclosure of sensitive information...

7.1CVSS5.3AI score0.00094EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/27 12:56 p.m.13 views

EUVD-2026-32303

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveaugempushbufrelocapply validates each relocation with if r-relocbooffset + 4 nvbo-bo.base.size but relocbooffset is u32 uapi/drm/nouveaudrm.h and the integer litera...

5.8AI score0.00143EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an unsigned overflow in the zerofslz4handleoverlap function within erofs. This vulnerability may...

7.1CVSS5.9AI score0.00131EPSS
Exploits0References5
CVE
CVE
added 2026/05/19 6:4 p.m.27 views

CVE-2026-33642

CVE-2026-33642 affects Kitty up to version 0.46.2. The issue arises in handle_compose_command() in kitty/graphics.c, where 32-bit unsigned arithmetic for composition offsets can wrap and enable a heap buffer over-read/over-write. An attacker who can emit output to a Kitty terminal (e.g., maliciou...

9.9CVSS5.8AI score0.00286EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/05/01 2:15 p.m.6 views

CVE-2026-31780

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation The variable valuesize is declared as u8 but accumulates the total length of all SSIDs to scan. Each SSID contributes up to 33 bytes IEEE80211MAXSSIDLEN + 1, an...

7.8CVSS6AI score0.00143EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/21 1:27 a.m.6 views

CVE-2026-39886 OpenEXR has HTJ2K Signed Integer Overflow in ht_undo_impl()

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer overflow vulnerability in OpenEXR's HTJ2K High-Throughput JPEG 2000 decompression path. The htundoimp...

5.3CVSS5.8AI score0.00302EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.6 views

CVE-2026-5444

A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation,...

7.1CVSS6AI score0.00162EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/04/13 11:25 p.m.5 views

SUSE CVE-2026-40385

In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems...

4.4CVSS5.8AI score0.00094EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/12 6:16 p.m.28 views

CVE-2026-40385

In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems...

4CVSS0.00094EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/12 6:16 p.m.8 views

CVE-2026-40385

In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems...

7.1CVSS5.2AI score0.00094EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/12 6:16 p.m.6 views

CVE-2026-40385

In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems...

4CVSS5.8AI score0.00094EPSS
Exploits0References2
CVE
CVE
added 2026/04/12 6:16 p.m.22 views

CVE-2026-40385

CVE-2026-40385 affects libexif up to 0.6.25, with an unsigned 32‑bit overflow in Nikon MakerNote handling on 32‑bit systems that can lead to crashes or information disclosure. Connected advisories confirm availability of fixes (e.g., Debian LTS advisory fixing to a newer libexif version; other ad...

7.1CVSS5.8AI score0.00094EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.8 views

PT-2026-32180

Name of the Vulnerable Software and Affected Versions libexif versions through 0.6.25 Description A flaw exists in libexif that involves an unsigned 32bit integer overflow when handling Nikon MakerNote data. This issue can lead to crashes or information leaks. The issue is limited to 32bit system...

7.1CVSS5.8AI score0.0014EPSS
Exploits0References45
Vulnrichment
Vulnrichment
added 2026/04/09 2:42 p.m.2 views

CVE-2026-5444 Heap Buffer Overflow in PAM Image Buffer Allocation

A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation,...

6AI score0.00162EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/06 3:22 p.m.5 views

CVE-2026-34380

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undopxr24impl in src/lib/OpenEXRCore/internalpxr24.c at line 377. The...

5.9CVSS5.4AI score0.00255EPSS
Exploits1
Rows per page
Query Builder