Lucene search
+L

771 matches found

SUSE CVE
SUSE CVE
added 2026/04/23 1:23 a.m.8 views

SUSE CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.7AI score0.00456EPSS
Exploits0References3
NVD
NVD
added 2026/04/22 8:16 a.m.14 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS0.00456EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:7 a.m.5 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

5.7AI score0.00456EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/22 7:7 a.m.39 views

CVE-2026-40542 Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

0.00456EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34264

Name of the Vulnerable Software and Affected Versions Apache HttpClient version 5.6 Description A missing critical step in authentication allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Recommendations Upgrade to...

7.3CVSS5.2AI score0.00456EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010956)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010956 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stac...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/12 3:30 p.m.5 views

EUVD-2019-20147

BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trigger a denial of service by entering a 256-byte buffer of repeated characters in the Key...

6.9CVSS6.1AI score0.00201EPSS
Exploits1References3
Fedora
Fedora
added 2026/04/10 1:1 a.m.52 views

[SECURITY] Fedora 43 Update: libcgif-0.5.3-1.fc43

A fast and lightweight GIF encoder that can create GIF animations and images. Summary of the main features: - user-defined global or local color-palette with up to 256 colors limit of the GIF format - size-optimizations for GIF animations: - option to set a pixel to transparent if it has identica...

5.3CVSS5.8AI score0.00492EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/09 1:57 a.m.1 views

util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...

6.1CVSS6.7AI score0.00179EPSS
Exploits0References4
Filippo.io
Filippo.io
added 2026/04/06 3:0 p.m.11 views

A Cryptography Engineer’s Perspective on Quantum Computing Timelines

My position on the urgency of rolling out quantum-resistant cryptography has changed compared to just a few months ago. You might have heard this privately from me in the past weeks, but it’s time to signal and justify this change of mind publicly. There had been rumors for a while of expected an...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/06 5:24 a.m.7 views

CVE-2026-5527

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...

6.9CVSS5.9AI score0.00435EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/05 12:30 a.m.8 views

EUVD-2026-19003

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...

6.9CVSS5.9AI score0.00435EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/30 12:32 p.m.6 views

EUVD-2018-21712

Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger the crash by pasting a 256-byte buffer of repeated characters into the Host parameter during serv...

6.9CVSS6AI score0.00206EPSS
Exploits1References5
CVE
CVE
added 2026/03/30 11:2 a.m.13 views

CVE-2018-25227

Valentina Studio 9.0.4 is affected by a local-denial-of-service vulnerability where an excessively long Host field triggers a crash. The issue can be exploited by pasting a 256-byte buffer of repeated characters into the Host parameter during server connection attempts. The connected records conf...

6.9CVSS6AI score0.00206EPSS
Exploits1References4Affected Software1
UbuntuCve
UbuntuCve
added 2026/03/28 12:16 p.m.6 views

CVE-2016-20043

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the...

8.6CVSS6.4AI score0.00203EPSS
Exploits1References4
CVE
CVE
added 2026/03/22 1:38 p.m.7 views

CVE-2019-25600

CVE-2019-25600 affects UltraVNC Viewer 1.2.2.4. A denial-of-service exists where an oversized string in the VNC Server input field can cause a buffer overflow and crash the viewer. Attack described: paste a string with 256 repeated characters into the VNC Server field and click Connect. CVSS metr...

7.1CVSS6.1AI score0.00689EPSS
Exploits0References4
Veracode
Veracode
added 2026/03/21 5:21 a.m.24 views

Buffer Overflow

pyOpenSSL is vulnerable to Buffer Overflow. The vulnerability is due to improper bounds checking in setcookiegeneratecallback, where cookie values exceeding 256 bytes can overflow an OpenSSL buffer, potentially leading to memory corruption...

9.8CVSS5.8AI score0.00704EPSS
Exploits0References23Affected Software2
CVE
CVE
added 2026/03/19 12:0 a.m.16 views

CVE-2025-67112

The CVE-2025-67112 entry concerns the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware prior to DG3934v3@2308041842, where a hard-coded AES-256-CBC key in the configuration backup/restore flow allows remote authenticated users to decrypt, modify, and re-encrypt device configurations. Th...

9.8CVSS5.8AI score0.00401EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.11 views

Sercomm SCE4255W 安全漏洞

Sercomm SCE4255W is a broadband gateway device produced by Sercomm in Taiwan, China. Previous versions of Sercomm SCE4255W DG3934v3@2308041842 contained security vulnerabilities. These vulnerabilities stemmed from the use of hard-coded AES-256-CBC keys in the configuration backup/restore mechanis...

9.8CVSS5.8AI score0.00401EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.6 views

EulerOS 2.0 SP10 : util-linux (EulerOS-SA-2026-1326)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the...

6.1CVSS6AI score0.00179EPSS
Exploits0References2
Rows per page
Query Builder