Lucene search

68528 matches found

UbuntuCve • added 2026/03/19 7:16 p.m. • 4 views

CVE-2026-3503

Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...

CVSS 5.2 • AI score 5.9 • EPSS 0.00153
Exploits: 0 • References: 2

UbuntuCve • added 2026/03/19 6:16 p.m. • 3 views

CVE-2026-3548

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs,...

CVSS 9.8 • AI score 6.1 • EPSS 0.00471
Exploits: 1 • References: 3

UbuntuCve • added 2026/03/19 6:16 p.m. • 5 views

CVE-2026-2645

In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 wolfSSL 5.8.2 and earlier is...

CVSS 7.5 • AI score 5.9 • EPSS 0.00126
Exploits: 0 • References: 2

UbuntuCve • added 2026/03/19 6:16 p.m. • 1 view

CVE-2026-2646

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and...

CVSS 8.1 • AI score 5.8 • EPSS 0.00123
Exploits: 0 • References: 3

UbuntuCve • added 2026/03/19 5:16 p.m. • 4 views

CVE-2026-0819

A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available space...

CVSS 7.1 • AI score 6.1 • EPSS 0.00101
Exploits: 0 • References: 2

UbuntuCve • added 2026/03/19 5:16 p.m. • 2 views

CVE-2026-1005

Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large...

CVSS 5.3 • AI score 6.1 • EPSS 0.00251
Exploits: 0 • References: 2

UbuntuCve • added 2026/03/19 4:16 p.m. • 5 views

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVSS 7.5 • AI score 5.9 • EPSS 0.00354
Exploits: 0 • References: 6

UbuntuCve • added 2026/03/19 3:16 p.m. • 3 views

CVE-2025-69720

The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyzestring in progs/infocmp.c...

CVSS 9.8 • AI score 6.1 • EPSS 0.00414
Exploits: 1 • References: 5

UbuntuCve • added 2026/03/19 3:16 p.m. • 3 views

CVE-2026-2369

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service...

CVSS 9.1 • AI score 5.8 • EPSS 0.0042
Exploits: 0 • References: 1

UbuntuCve • added 2026/03/19 3:16 p.m. • 4 views

CVE-2026-4426

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...

CVSS 6.5 • AI score 5.9 • EPSS 0.00305
Exploits: 0 • References: 4

UbuntuCve • added 2026/03/19 3:16 p.m. • 6 views

CVE-2026-4424

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...

CVSS 7.5 • AI score 5.9 • EPSS 0.00882
Exploits: 0 • References: 4

UbuntuCve • added 2026/03/19 3:16 p.m. • 3 views

CVE-2026-4427

Rejected reason: Duplicate of CVE-2026-32286...

AI score 5.8 • EPSS 0.00086
Exploits: 0 • References: 7

UbuntuCve • added 2026/03/19 12:00 a.m. • 3 views

CVE-2006-10002

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption double free or corruption and crashes. A :utf8 PerlIO layer, parsestream in Expat.xs could overflow the XML input buffer because Perl's read returns decoded characters while SvPV gives...

CVSS 9.8 • AI score 6 • EPSS 0.00604
Exploits: 0 • References: 3

UbuntuCve • added 2026/03/19 12:00 a.m. • 6 views

CVE-2026-2046

Unknown description...

AI score 7.1
Exploits: 0 • References: 3

UbuntuCve • added 2026/03/19 12:00 a.m. • 4 views

CVE-2006-10003

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...

CVSS 9.8 • AI score 5.8 • EPSS 0.00548
Exploits: 0 • References: 3

UbuntuCve • added 2026/03/18 10:16 p.m. • 3 views

CVE-2026-4407

Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces...

CVSS 2.1 • AI score 5.9 • EPSS 0.00143
Exploits: 0 • References: 2

UbuntuCve • added 2026/03/18 10:16 p.m. • 10 views

CVE-2026-32722

Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...

CVSS 6.1 • AI score 6.1 • EPSS 0.00302
Exploits: 2 • References: 5

UbuntuCve • added 2026/03/18 9:16 p.m. • 4 views

CVE-2026-32700

Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...

CVSS 6 • AI score 5.9 • EPSS 0.00275
Exploits: 0 • References: 5

UbuntuCve • added 2026/03/18 9:16 p.m. • 4 views

CVE-2026-31973

SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the cramdecodecompressionheader was missing. If the function returned ...

CVSS 7.5 • AI score 5.8 • EPSS 0.00523
Exploits: 0 • References: 4

UbuntuCve • added 2026/03/18 9:16 p.m. • 4 views

CVE-2026-31972

SAMtools is a program for reading, manipulating and writing bioinformatics file formats. The mpileup command outputs DNA sequences that have been aligned against a known reference. On each output line it writes the reference position, optionally the reference DNA base at that position obtained fr...

CVSS 9.8 • AI score 5.7 • EPSS 0.00516
Exploits: 0 • References: 4

UbuntuCve • added 2026/03/18 9:16 p.m. • 3 views

CVE-2026-32636

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out of write bounds of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fix the issue...

CVSS 7.5 • AI score 5.9 • EPSS 0.00475
Exploits: 0 • References: 5

UbuntuCve • added 2026/03/18 8:16 p.m. • 5 views

CVE-2026-31970

HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP BGZF files. In the GZI loading function, bgzfindexloadhfile, it was possible to trigger an integer overflow, leading to an under- or zero-sized buffer being allocated to stor...

CVSS 8.1 • AI score 6.2 • EPSS 0.00451
Exploits: 0 • References: 4

UbuntuCve • added 2026/03/18 8:16 p.m. • 7 views

CVE-2026-31966

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...

CVSS 9.1 • AI score 6 • EPSS 0.00518
Exploits: 0 • References: 5

UbuntuCve • added 2026/03/18 8:16 p.m. • 3 views

CVE-2026-31968

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...

CVSS 8.8 • AI score 6.2 • EPSS 0.00409
Exploits: 0 • References: 3

UbuntuCve • added 2026/03/18 8:16 p.m. • 4 views

CVE-2026-31971

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTEARRAYLEN method, the crambytearraylendecode failed to validat...

CVSS 8.1 • AI score 6.3 • EPSS 0.00336
Exploits: 0 • References: 3

UbuntuCve • added 2026/03/18 8:16 p.m. • 6 views

CVE-2026-31967

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cramdecodeslice function called while reading CRAM records, the value of the mate reference id field was not validated. Later use of this value, fo...

CVSS 9.1 • AI score 5.8 • EPSS 0.00445
Exploits: 0 • References: 3

UbuntuCve • added 2026/03/18 8:16 p.m. • 6 views

CVE-2026-31969

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTEARRAYSTOP method, an out-by-one error in the...

CVSS 8.1 • AI score 6.1 • EPSS 0.00336
Exploits: 0 • References: 3

UbuntuCve • added 2026/03/18 7:16 p.m. • 3 views

CVE-2026-31965

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cramdecodeslice function called while reading CRAM records, validation of the reference id field occurred too late, allowing two out of bounds read...

CVSS 8.2 • AI score 5.8 • EPSS 0.00373
Exploits: 0 • References: 3

UbuntuCve • added 2026/03/18 7:16 p.m. • 5 views

CVE-2026-31964

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA sequence and quality values, the format also allows them to om...

CVSS 7.5 • AI score 5.8 • EPSS 0.00322
Exploits: 0 • References: 3

UbuntuCve • added 2026/03/18 7:16 p.m. • 4 views

CVE-2026-3479

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.getdata did...

AI score 5.8 • EPSS 0.00238
Exploits: 0 • References: 8

UbuntuCve • added 2026/03/18 7:16 p.m. • 3 views

CVE-2026-31963

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...

CVSS 8.8 • AI score 6.2 • EPSS 0.00348
Exploits: 0 • References: 3

UbuntuCve • added 2026/03/18 6:16 p.m. • 3 views

CVE-2025-71268

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a path or join a transaction, we return from cowfilerangeinline without freeing the reserved qgroup data, resulting in a leak. Fi...

CVSS 5.5 • AI score 5.7 • EPSS 0.00114
Exploits: 0 • References: 13

UbuntuCve • added 2026/03/18 6:16 p.m. • 3 views

CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...

CVSS 9.1 • AI score 5.9 • EPSS 0.00472
Exploits: 1 • References: 4

UbuntuCve • added 2026/03/18 6:16 p.m. • 4 views

CVE-2026-23252

In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchkxfiledescr calls The xchkxfiledescr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes or whatever the nofail guarantees are nowadays. Some of them cou...

CVSS 5.5 • AI score 5.7 • EPSS 0.00122
Exploits: 0 • References: 5

UbuntuCve • added 2026/03/18 6:16 p.m. • 3 views

CVE-2026-23256

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...

CVSS 5.5 • AI score 5.8 • EPSS 0.00114
Exploits: 0 • References: 15

UbuntuCve • added 2026/03/18 6:16 p.m. • 3 views

CVE-2026-27135

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2sessionterminatesession or nghttp2sessionterminatesession2 is called by the application. They might be...

CVSS 7.5 • AI score 5.9 • EPSS 0.00775
Exploits: 0 • References: 4

UbuntuCve • added 2026/03/18 6:16 p.m. • 4 views

CVE-2026-31962

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. While most alignment records store DNA sequence and quality values, the format also allows them to omit this data in certain cases to save space. Due to...

CVSS 8.8 • AI score 6.3 • EPSS 0.00361
Exploits: 0 • References: 3

UbuntuCve • added 2026/03/18 6:16 p.m. • 6 views

CVE-2026-23261

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset if init fails nvmefabrics creates an NVMe/FC controller in following path: nvmfdevwrite - nvmfcreatectrl - nvmefccreatectrl - nvmefcinitctrl nvmefcinitctrl allocates the admin blk-mq resources right...

CVSS 5.5 • AI score 5.7 • EPSS 0.00114
Exploits: 0 • References: 13

UbuntuCve • added 2026/03/18 6:16 p.m. • 5 views

CVE-2025-71270

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable exception fixup for specific ADE subcode This patch allows the LoongArch BPF JIT to handle recoverable memory access errors generated by BPFPROBEMEM instructions. When a BPF program performs memory access...

CVSS 5.5 • AI score 5.7 • EPSS 0.00121
Exploits: 0 • References: 7

UbuntuCve • added 2026/03/18 6:16 p.m. • 2 views

CVE-2026-23253

In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: fix wrong reinitialization of ringbuffer on reopen dvbdvropen calls dvbringbufferinit when a new reader opens the DVR device. dvbringbufferinit calls initwaitqueuehead, which reinitializes the waitqueue list head...

CVSS 7.8 • AI score 5.9 • EPSS 0.00129
Exploits: 0 • References: 6

UbuntuCve • added 2026/03/18 6:16 p.m. • 3 views

CVE-2026-23260

In the Linux kernel, the following vulnerability has been resolved: regmap: maple: free entry on masstoregfp failure regcachemaplewrite allocates a new block 'entry' to merge adjacent ranges and then stores it with masstoregfp. When masstoregfp fails, the new 'entry' remains allocated and is neve...

CVSS 5.5 • AI score 5.8 • EPSS 0.00114
Exploits: 0 • References: 12

UbuntuCve • added 2026/03/18 6:16 p.m. • 4 views

CVE-2026-23251

In the Linux kernel, the following vulnerability has been resolved: xfs: only call xfarray,blobdestroy if we have a valid pointer Only call the xfarray and xfblob destructor if we have a valid pointer, and be sure to null out that pointer afterwards. Note that this patch fixes a large number of...

CVSS 5.5 • AI score 5.7 • EPSS 0.00122
Exploits: 0 • References: 6

UbuntuCve • added 2026/03/18 6:16 p.m. • 4 views

CVE-2026-23254

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...

CVSS 5.5 • AI score 5.6 • EPSS 0.00114
Exploits: 0 • References: 12

UbuntuCve • added 2026/03/18 6:16 p.m. • 3 views

CVE-2026-32632

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

CVSS 5.9 • AI score 5.8 • EPSS 0.0016
Exploits: 1 • References: 4

UbuntuCve • added 2026/03/18 6:16 p.m. • 5 views

CVE-2026-23263

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix page array leak d9f595b9a65e "iouring/zcrx: fix leaking pages on sg init fail" fixed a page leakage but didn't free the page array, release it as well...

CVSS 5.5 • AI score 5.7 • EPSS 0.001
Exploits: 0 • References: 4

UbuntuCve • added 2026/03/18 6:16 p.m. • 5 views

CVE-2026-23259

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through ioreqrwcleanup and has an allocated iovec attached and fails to put to the rwcache, then it may end up with an unaccounted iov...

CVSS 5.5 • AI score 5.7 • EPSS 0.001
Exploits: 0 • References: 4

UbuntuCve • added 2026/03/18 6:16 p.m. • 4 views

CVE-2025-71269

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reservation in fallback from inline due to -ENOSPC If we fail to create an inline extent due to -ENOSPC, we will attempt to go through the normal COW path, reserve an extent, create an ordered extent, etc...

CVSS 5.5 • AI score 5.7 • EPSS 0.00114
Exploits: 0 • References: 4

UbuntuCve • added 2026/03/18 6:16 p.m. • 3 views

CVE-2026-23249

In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btrees at the same time, after which it needs to evaluate both btrees to confirm that the corruptions a...

CVSS 5.5 • AI score 5.7 • EPSS 0.00141
Exploits: 0 • References: 6

UbuntuCve • added 2026/03/18 6:16 p.m. • 3 views

CVE-2026-23255

In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwei reported an RCU stall in ptypeseqshow and provided a patch. Real issue is that ptypeseqnext and ptypeseqshow violate RCU rules. ptypeseqshow runs under rcureadlock, an...

CVSS 5.5 • AI score 5.7 • EPSS 0.00114
Exploits: 0 • References: 4

UbuntuCve • added 2026/03/18 6:16 p.m. • 3 views

CVE-2026-23250

In the Linux kernel, the following vulnerability has been resolved: xfs: check return value of xchkscrubcreatesubord Fix this function to return NULL instead of a mangled ENOMEM, then fix the callers to actually check for a null pointer and return ENOMEM. Most of the corrections here are for code...

CVSS 5.5 • AI score 5.8 • EPSS 0.00122
Exploits: 0 • References: 6

Total number of security vulnerabilities: 68528