Lucene search
K

3144 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.11 views

nginx 1.13.10 < 1.30.3 / 1.31.x < 1.31.2 Buffer Overflow

The installed version of nginx is 1.13.10 prior to 1.30.3, or 1.31.x prior to 1.31.2. It is, therefore, affected by the following issue : - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...

9.2CVSS6.6AI score0.03459EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.36 views

PT-2026-50769

Name of the Vulnerable Software and Affected Versions pam usb versions 0.9.1 and earlier Description The xfree memory release helper calls free without zeroing buffer contents first. This results in heap-allocated buffers containing sensitive data, such as one-time pad bytes read from disk, being...

4.7CVSS6AI score0.00109EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 6:6 p.m.12 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

7.8CVSS5.3AI score0.00148EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 4:6 p.m.6 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

7.8CVSS5.3AI score0.00148EPSS
Exploits0References7
OSV
OSV
added 2026/06/17 3:16 p.m.4 views

ALPINE-CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.5AI score0.03459EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/17 3:13 p.m.11 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

7.8CVSS5.3AI score0.00148EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/17 2:4 p.m.11 views

EUVD-2026-37718

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6AI score0.03459EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/06/17 2:4 p.m.5 views

CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.5AI score0.03459EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 7:4 a.m.5 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities in the cryptography package

Summary IBM Cloud Pak for Data System CPDS 1.0 uses the Python cryptography package, which is affected by multiple security vulnerabilities. CVE-2026-34073 involves improper certificate validation where DNS name constraints are only validated against SANs within child certificates and not the "pe...

9.8CVSS5.5AI score0.00652EPSS
Exploits0Affected Software1
AlmaLinux
AlmaLinux
added 2026/06/17 12:0 a.m.15 views

Important: xorg-x11-server security, bug fix, and enhancement update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution du...

7.8CVSS5.7AI score0.00165EPSS
Exploits0References20
OSV
OSV
added 2026/06/17 12:0 a.m.5 views

ALSA-2026:26610 Important: xorg-x11-server security, bug fix, and enhancement update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution du...

7.8CVSS7AI score0.00165EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.29 views

PT-2026-50438

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source versions prior to 1.31.2-1.1 Description An issue exists in the ngx http proxy v2 module and ngx http grpc module modules. The problem occurs when the proxy http version is set to 2 ...

9.2CVSS7AI score0.03459EPSS
Exploits1References82
FreeBSD
FreeBSD
added 2026/06/17 12:0 a.m.10 views

nginx -- multiple vulnerabilities

The nginx developers report: A use-after-free vulnerability when using HTTP/3 and processing a specially crafted QUIC session may allow memory corruption or a segmentation fault in a worker process CVE-2026-42530. A heap memory buffer overflow vulnerability when using the "ignoreinvalidheaders...

9.2CVSS5.7AI score0.03459EPSS
Exploits4References1
OSV
OSV
added 2026/06/17 12:0 a.m.4 views

ALSA-2026:26590 Important: xorg-x11-server-Xwayland security, bug fix, and enhancement update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch CVE-2026-50256 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server:...

7.8CVSS7AI score0.00165EPSS
Exploits0References20
RedHat Linux
RedHat Linux
added 2026/06/16 12:46 p.m.10 views

openssl: Use After Free with SSL_free_buffers

A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSLfreebuffers function may cause memory to be accessed that was previously freed in some situations...

7.5CVSS6.6AI score0.02945EPSS
Exploits0References5
Redos
Redos
added 2026/06/16 12:0 a.m.7 views

ROS-20260616-73-0023

The vulnerability in ImageMagick 7 is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...

8.1CVSS5.5AI score0.00334EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/15 7:10 p.m.8 views

CVE-2026-53704

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS5.3AI score0.00221EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2026/06/15 12:0 a.m.4 views

The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages relates to operations that occur outside of the buffer in memory, allowing attackers to disclose protected information.

The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by these applications...

4.7CVSS6AI score0.00357EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.10 views

SUSE SLES12 Security Update : gnutls (SUSE-SU-2026:2367-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2367-1 advisory. This update for gnutls fixes the following issues - CVE-2026-33845: buffers: switch from endoffset over to fraglength bsc1263704. -...

9.1CVSS6.6AI score0.01335EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.9 views

SUSE SLES12 Security Update : gnutls (SUSE-SU-2026:2366-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2366-1 advisory. This update for gnutls fixes the following issues - CVE-2026-33845: buffers: switch from endoffset over to fraglength bsc1263704. -...

9.1CVSS5.5AI score0.01335EPSS
Exploits0References10
Rows per page
Query Builder