Export limit exceeded: 352533 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44300 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6779 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Glibc, Enterprise Linux | 2026-05-12 | 8.2 High |
| An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer. | ||||
| CVE-2023-6246 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Glibc, Enterprise Linux | 2026-05-12 | 8.4 High |
| A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. | ||||
| CVE-2023-6121 | 1 Redhat | 1 Enterprise Linux | 2026-05-12 | 4.3 Medium |
| An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). | ||||
| CVE-2023-4527 | 4 Fedoraproject, Gnu, Netapp and 1 more | 32 Fedora, Glibc, H300s and 29 more | 2026-05-12 | 6.5 Medium |
| A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. | ||||
| CVE-2023-46218 | 3 Fedoraproject, Haxx, Redhat | 7 Fedora, Curl, Enterprise Linux and 4 more | 2026-05-12 | 6.5 Medium |
| This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. | ||||
| CVE-2023-38545 | 5 Fedoraproject, Haxx, Microsoft and 2 more | 19 Fedora, Libcurl, Windows 10 1809 and 16 more | 2026-05-12 | 8.8 High |
| This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with. | ||||
| CVE-2023-28746 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2026-05-12 | 6.5 Medium |
| Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2023-27043 | 4 Fedoraproject, Netapp, Python and 1 more | 7 Fedora, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 4 more | 2026-05-12 | 5.3 Medium |
| The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. | ||||
| CVE-2022-48828 | 2 Linux, Redhat | 4 Linux Kernel, Rhel Aus, Rhel E4s and 1 more | 2026-05-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix ia_size underflow iattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and NFSv4 both define file size as an unsigned 64-bit type. Thus there is a range of valid file size values an NFS client can send that is already larger than Linux can handle. Currently decode_fattr4() dumps a full u64 value into ia_size. If that value happens to be larger than S64_MAX, then ia_size underflows. I'm about to fix up the NFSv3 behavior as well, so let's catch the underflow in the common code path: nfsd_setattr(). | ||||
| CVE-2022-48827 | 2 Linux, Redhat | 4 Linux Kernel, Rhel Aus, Rhel E4s and 1 more | 2026-05-12 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSET_MAX Dan Aloni reports: > Due to commit 8cfb9015280d ("NFS: Always provide aligned buffers to > the RPC read layers") on the client, a read of 0xfff is aligned up > to server rsize of 0x1000. > > As a result, in a test where the server has a file of size > 0x7fffffffffffffff, and the client tries to read from the offset > 0x7ffffffffffff000, the read causes loff_t overflow in the server > and it returns an NFS code of EINVAL to the client. The client as > a result indefinitely retries the request. The Linux NFS client does not handle NFS?ERR_INVAL, even though all NFS specifications permit servers to return that status code for a READ. Instead of NFS?ERR_INVAL, have out-of-range READ requests succeed and return a short result. Set the EOF flag in the result to prevent the client from retrying the READ request. This behavior appears to be consistent with Solaris NFS servers. Note that NFSv3 and NFSv4 use u64 offset values on the wire. These must be converted to loff_t internally before use -- an implicit type cast is not adequate for this purpose. Otherwise VFS checks against sb->s_maxbytes do not work properly. | ||||
| CVE-2022-43945 | 3 Linux, Netapp, Redhat | 14 Linux Kernel, Active Iq Unified Manager, H300s and 11 more | 2026-05-12 | 7.5 High |
| The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | ||||
| CVE-2022-30552 | 1 Denx | 1 U-boot | 2026-05-12 | 5.5 Medium |
| Das U-Boot 2022.01 has a Buffer Overflow. | ||||
| CVE-2022-2347 | 1 Denx | 1 U-boot | 2026-05-12 | 7.7 High |
| There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer. | ||||
| CVE-2021-47107 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-05-12 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix READDIR buffer overflow If a client sends a READDIR count argument that is too small (say, zero), then the buffer size calculation in the new init_dirlist helper functions results in an underflow, allowing the XDR stream functions to write beyond the actual buffer. This calculation has always been suspect. NFSD has never sanity- checked the READDIR count argument, but the old entry encoders managed the problem correctly. With the commits below, entry encoding changed, exposing the underflow to the pointer arithmetic in xdr_reserve_space(). Modern NFS clients attempt to retrieve as much data as possible for each READDIR request. Also, we have no unit tests that exercise the behavior of READDIR at the lower bound of @count values. Thus this case was missed during testing. | ||||
| CVE-2021-38202 | 2 Linux, Netapp | 7 Linux Kernel, Element Software, Hci Bootstrap Os and 4 more | 2026-05-12 | 7.5 High |
| fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd. | ||||
| CVE-2019-14199 | 1 Denx | 1 U-boot | 2026-05-12 | N/A |
| An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call. | ||||
| CVE-2019-14197 | 1 Denx | 1 U-boot | 2026-05-12 | N/A |
| An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. | ||||
| CVE-2019-14192 | 1 Denx | 1 U-boot | 2026-05-12 | N/A |
| An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call. | ||||
| CVE-2019-13104 | 2 Denx, Opensuse | 2 U-boot, Leap | 2026-05-12 | 7.8 High |
| In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. | ||||
| CVE-2026-8349 | 1 Omec-project | 1 Amf | 2026-05-12 | 4.3 Medium |
| A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa. It is best practice to apply a patch to resolve this issue. | ||||