Lucene search
+L

1478 matches found

Fedora
Fedora
added 2026/05/15 10:45 p.m.14 views

[SECURITY] Fedora 42 Update: uriparser-1.0.1-1.fc42

Uriparser is a strictly RFC 3986 compliant URI parsing library written in C. uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license...

5.1CVSS5.8AI score0.00172EPSS
Exploits0
Fedora
Fedora
added 2026/05/05 12:55 a.m.18 views

[SECURITY] Fedora 44 Update: uriparser-1.0.1-1.fc44

Uriparser is a strictly RFC 3986 compliant URI parsing library written in C. uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license...

5.1CVSS5.8AI score0.00172EPSS
Exploits0
Fedora
Fedora
added 2026/04/28 1:36 a.m.12 views

[SECURITY] Fedora 44 Update: botan3-3.9.0-7.fc44

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \11 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

9.3CVSS5.2AI score0.00278EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.18 views

PT-2026-46982

Name of the Vulnerable Software and Affected Versions 7-Zip versions 9.18 through 26.00 Description A heap out-of-bounds read exists in the Unix ar archive parser within the BSD SYMDEF parser. When parsing a BSD-style .SYMDEF symbol table, the ParseLibSymbols function uses Get32 to read a 32-bit...

7.1CVSS5.9AI score0.00267EPSS
Exploits2References31
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

ajenti 竞争条件问题漏洞

Ajenti is an open-source Linux and BSD-based modular server management panel developed by ajenti. Prior to version 0.112, there was a race condition vulnerability in Ajenti. This vulnerability allowed for bypassing of user authentication within a short period after authentication was performed...

9.1CVSS5.8AI score0.00232EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 10:13 p.m.1 views

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path through the hostIDReaderBSD.read function in sdk/resource/hostid.go. An attacker can execute a malicious kenv binary by placing it earlier in $PATH and triggering host ID detection on BSD or Solaris systems when...

7.3CVSS6.3AI score0.0022EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/08 10:13 p.m.3 views

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path through the hostIDReaderBSD.read function in sdk/resource/hostid.go. An attacker can execute a malicious kenv binary by placing it earlier in $PATH and triggering host ID detection on BSD or Solaris systems when...

7.3CVSS6.3AI score0.0022EPSS
Exploits1References2
OSV
OSV
added 2026/04/08 9:17 p.m.5 views

UBUNTU-CVE-2026-39883

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

8.8CVSS5.8AI score0.0022EPSS
Exploits1References4
NVD
NVD
added 2026/04/08 9:17 p.m.32 views

CVE-2026-39883

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

8.8CVSS0.0022EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/04/08 8:26 p.m.48 views

CVE-2026-39883 OpenTelemetry-Go has an incomplete fix for CVE-2026-24051: BSD kenv command not using absolute path enables PATH hijacking

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

7.3CVSS0.0022EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/08 8:26 p.m.3 views

CVE-2026-39883 OpenTelemetry-Go has an incomplete fix for CVE-2026-24051: BSD kenv command not using absolute path enables PATH hijacking

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

7.3CVSS7.1AI score0.0022EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/08 7:22 p.m.19 views

opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

Summary The fix for GHSA-9h8m-3fm2-qjrq CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. Root Cause sdk/resource/hostid.go line 42: if result, err :=...

8.8CVSS6AI score0.0022EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/26 2:39 a.m.5 views

EUVD-2026-8832

Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13...

9.3CVSS6.1AI score0.00533EPSS
Exploits0References2
OSV
OSV
added 2026/02/26 2:39 a.m.5 views

CVE-2026-27975 Ajenti has a potential Remote Code Execution

Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13...

9.3CVSS6.3AI score0.00533EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.9 views

Beckhoff Automation's various products have a vulnerability regarding input validation errors.

Beckhoff Automation products such as Beckhoff.Device.Manager.XAR are developed by the American company Beckhoff Automation. Beckhoff.Device.Manager.XAR is a core component used for remote management and controller configuration. The Beckhoff Automation MDP software package for TwinCAT/BSD is a co...

8.8CVSS6.2AI score0.00414EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:41 a.m.8 views

CVE-2001-1541

Buffer overflow in Unix-to-Unix Copy Protocol UUCP in BSDI BSD/OS 3.0 through 4.2 allows local users to execute arbitrary code via a long command line argument...

7.2CVSS7.9AI score0.00601EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:43 a.m.13 views

CVE-1999-0061

File creation and deletion, and remote execution, in the BSD line printer daemon lpd...

5.1CVSS7.1AI score0.02484EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:43 a.m.8 views

CVE-1999-0304

mmap function in BSD allows local attackers in the kmem group to modify memory through devices...

7.2CVSS6.7AI score0.00364EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:43 a.m.9 views

CVE-1999-0674

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve...

7.2CVSS6.7AI score0.00833EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:42 a.m.16 views

CVE-1999-0001

ipinput.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service crash or hang via crafted packets...

5CVSS6.9AI score0.03351EPSS
Exploits1References1
Rows per page
Query Builder