23 matches found
CVE-2026-42478
An issue was discovered in VrmlDataIndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated pointe...
CVE-2026-5507
When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...
EUVD-2026-21216
When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...
DEBIAN-CVE-2026-5507
When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...
UBUNTU-CVE-2026-5507
When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...
CVE-2026-5507
When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...
CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer
When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...
CVE-2026-5507
When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...
CVE-2026-5507
When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...
CVE-2026-31411
A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM networking component. A local attacker, by acting as a malicious signaling daemon, could send a specially crafted message containing an unvalidated pointer. This unvalidated pointer would be directly used by the kernel, leading...
CVE-2026-31411
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc pointer from msg-vcc and uses it directly without any validation. This...
Linux Distros Unpatched Vulnerability : CVE-2026-31411
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc point...
CLSA-2026-1774346288 vim: Fix of 2 CVEs
CVE-2026-28417: fix OS command injection via shell metacharacters in netrw URI hostname and port - CVE-2026-28421: fix heap-buffer-overflow and SEGV in swap file recovery due to unvalidated pointer block fields...
GHSA-J842-XGM4-WF88 MLX has Wild Pointer Dereference in load_gguf()
Summary Segmentation fault in mlx::core::loadgguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7 Vulnerability Location: mlx/io/gguf.cp...
CVE-2023-39501
PDF-XChange Editor OXPS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the targ...
CVE-2023-32252
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to creat...
CVE-2021-1100
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel mode driver nvidia.ko, in which a pointer to a user-space buffer is not validated before it is dereferenced, which may lead to denial of service. This affects vGPU version 12.x prior to 12.3, version 11.x prior to 11....
Qualcomm 组件代码问题漏洞
The Qualcomm Component is a component of Qualcomm Incorporated USA. The intrinsic parts that provide the functionality of Qualcomm devices. A code issue vulnerability exists in the Qualcomm Component that arises from a memory corruption during buffer allocation due to dereferencing the session ct...
CVE-2018-18328
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac Consumer 7.0 2017 and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offse...
UBUNTU-CVE-2017-16845
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access...