๐จ CVE-2026-4111
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
๐@cveNotify
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
๐@cveNotify
๐จ CVE-2026-4424
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
๐@cveNotify
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
๐@cveNotify
๐จ CVE-2026-5121
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
๐@cveNotify
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
๐@cveNotify
๐จ CVE-2026-5201
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
๐@cveNotify
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
๐@cveNotify
๐จ CVE-2026-42010
A flaw was found in gnutls. Servers configured with RSA-PSK (RivestโShamirโAdleman โ Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
๐@cveNotify
A flaw was found in gnutls. Servers configured with RSA-PSK (RivestโShamirโAdleman โ Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
๐@cveNotify
๐จ CVE-2026-42011
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.
๐@cveNotify
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.
๐@cveNotify
๐จ CVE-2024-36345
Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality.
๐@cveNotify
Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality.
๐@cveNotify
AMD
AMD EPYCโข and AMD EPYCโข Embedded Series Processor Vulnerabilities โ May 2026
๐จ CVE-2025-0045
Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service
๐@cveNotify
Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service
๐@cveNotify
AMD
AMD Server Software and Embedded Chipset Driver Vulnerabilities Identified in Windowsยฎ Environments
๐จ CVE-2025-48512
Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.
๐@cveNotify
Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.
๐@cveNotify
AMD
AMD Server Software and Embedded Chipset Driver Vulnerabilities Identified in Windowsยฎ Environments
๐จ CVE-2025-48519
An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation
๐@cveNotify
An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation
๐@cveNotify
AMD
AMD Chipset Driver Vulnerabilities
๐จ CVE-2025-48520
An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash
๐@cveNotify
An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash
๐@cveNotify
AMD
AMD Chipset Driver Vulnerabilities
๐จ CVE-2025-48521
Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Free (UAF) condition, potentially resulting in a loss of platform integrity or crash.
๐@cveNotify
Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Free (UAF) condition, potentially resulting in a loss of platform integrity or crash.
๐@cveNotify
AMD
AMD Server Software and Embedded Chipset Driver Vulnerabilities Identified in Windowsยฎ Environments
๐จ CVE-2021-26380
A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity.
๐@cveNotify
A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity.
๐@cveNotify
AMD
AMD Athlonโข, AMD Ryzenโข, and AMD Ryzenโข Embedded Series Processor Vulnerabilities โ May 2026
๐จ CVE-2022-23826
A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.
๐@cveNotify
A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.
๐@cveNotify
AMD
AMD Athlonโข, AMD Ryzenโข, and AMD Ryzenโข Embedded Series Processor Vulnerabilities โ May 2026
๐จ CVE-2023-31309
Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability.
๐@cveNotify
Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability.
๐@cveNotify
๐จ CVE-2023-31316
Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability.
๐@cveNotify
Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability.
๐@cveNotify
AMD
AMD Athlonโข, AMD Ryzenโข, and AMD Ryzenโข Embedded Series Processor Vulnerabilities โ May 2026
๐จ CVE-2023-31317
Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution.
๐@cveNotify
Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution.
๐@cveNotify
๐จ CVE-2024-21962
Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution.
๐@cveNotify
Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution.
๐@cveNotify
AMD
AMD RAID Driver Vulnerability
๐จ CVE-2022-23817
Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation.
๐@cveNotify
Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation.
๐@cveNotify
AMD
AMD Graphics Driver Vulnerabilities โ November 2022
๐จ CVE-2024-21950
An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability.
๐@cveNotify
An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability.
๐@cveNotify
๐จ CVE-2024-36323
Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data.
๐@cveNotify
Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data.
๐@cveNotify