Lucene search
K

74 matches found

EUVD
EUVD
added 3 days ago6 views

EUVD-2026-40173

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS5.8AI score0.0012EPSS
Exploits0References2
CVE
CVE
added 3 days ago9 views

CVE-2026-13757

CVE-2026-13757 affects p11-kit. The RPC attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() can form a mutually-recursive call chain with no recursion depth limit when handling nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TE...

6.2CVSS5.8AI score0.0012EPSS
Exploits0References2
Debian CVE
Debian CVE
added 3 days ago5 views

CVE-2026-13757

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS5.8AI score0.0012EPSS
Exploits0
CVE
CVE
added 4 days ago40 views

CVE-2026-58050

CVE-2026-58050 affects libssh2 up to 1.11.1. The publickey subsystem reads an attacker-controlled 32-bit attribute count and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking. On 32-bit platforms, this multiplication can overflow, producing an under...

8.3CVSS6AI score0.00333EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53245

In the Linux kernel, the following vulnerability has been resolved: net/802/mrp: fix vector attribute parsing in mrppduparsevecattr In mrppduparsevecattr, vector attribute events are encoded three per byte and valen tracks the number of events left to process. The parser decrements valen after...

5.3CVSS5.7AI score0.00184EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53245

In the Linux kernel, the following vulnerability has been resolved: net/802/mrp: fix vector attribute parsing in mrppduparsevecattr In mrppduparsevecattr, vector attribute events are encoded three per byte and valen tracks the number of events left to process. The parser decrements valen after...

5.7AI score0.00184EPSS
Exploits0
CVE
CVE
added 2026/06/09 4:0 p.m.20 views

CVE-2026-49475

FreeSWITCH (core STUN attribute parsing) is affected. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser casts to can cause an out-of-bounds read/write on the per-leg media buffer. The issue has been patched in version 1.11.0. The CVE’s...

7.5CVSS5.4AI score0.00278EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.14 views

CVE-2026-20171

A vulnerability in the Border Gateway Protocol BGP enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service DoS condition...

6.8CVSS5.5AI score0.00467EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 5:16 p.m.12 views

CVE-2026-20171

A vulnerability in the Border Gateway Protocol BGP enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service DoS condition...

6.8CVSS0.00467EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: hp-bioscfg: Fixed warnings regarding empty attribute names in kobjects. The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/14 6:45 a.m.86 views

Exploit for CVE-2026-35330

CVE-2026-35330 strongSwan EAP-SIM / EAP-AKA attribute parser...

5.9AI score
Exploits3
Debian CVE
Debian CVE
added 2026/05/10 6:36 a.m.8 views

CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

7.5CVSS5.7AI score0.00428EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/05/09 12:40 a.m.13 views

CVE-2026-43451

A flaw was found in the Linux kernel's netfilter component. A remote attacker can exploit this by sending specially crafted network packets that cause an error during VLAN attribute parsing in the nfnetlinkqueue module. This leads to a memory leak, where kernel memory is not properly released...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/05 6:33 p.m.19 views

EUVD-2026-27349

Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svgattributes.c, svgparsestrings, gfsvgparseattribute...

5.8AI score0.00111EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.8 views

GPAC 安全漏洞

GPAC is an open-source multimedia framework developed by GPAC. There is a security vulnerability in GPAC, which stems from a buffer overflow in the gfsvgparseattribute function found in the src/scenegraph/svgattributes.c file. This vulnerability could lead to a denial-of-service attack...

5.5CVSS6AI score0.00111EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.8 views

Coturn 安全漏洞

Coturn is an open-source implementation of TURN TURN VoIP Media Services NAT Traversal Server and Gateway and STUN Simple Transfer of User Datagram Protocol Network Address Translators Servers. Versions prior to Coturn 4.10.0 contained security vulnerabilities. These vulnerabilities stemmed from...

7.5CVSS5.8AI score0.01123EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2026/03/11 8:2 a.m.4 views

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.

...

6.2CVSS5.8AI score0.00173EPSS
Exploits1
Ubuntu
Ubuntu
added 2026/03/05 4:4 p.m.7 views

USN-8077-1: Bleach vulnerabilities

It was discovered that Bleach did not properly sanitize URI attributes containing character entities. An attacker could possibly use this issue to construct a URI with a disallowed scheme that would bypass sanitization, leading to cross-site scripting. This issue only affected Ubuntu 18.04 LTS...

9.8CVSS5.5AI score0.02229EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/02/17 12:0 a.m.135 views

📄 Python 3 Minidom Denial of Service

This proof of concept demonstrates an algorithmic denial of service condition caused by parsing an XML document containing an extremely large number of attributes using Python's xml.dom.minidom library. Due to inefficient attribute handling with quadratic time complexity, the XML parser may consu...

6.2AI score
Exploits0
NVD
NVD
added 2026/02/14 3:16 p.m.5 views

CVE-2026-23131

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerne...

5.5CVSS0.00114EPSS
Exploits0References4
Rows per page
Query Builder