Lucene search
+L

17152 matches found

Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-15520 GNU LibreDWG R2004 Section Decompression decode.c decompress_R2004_section heap-based overflow

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompressR2004section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The explo...

5.3CVSS0.00136EPSS
Exploits0References10
CVE
CVE
added 6 days ago19 views

CVE-2026-15520

GNU LibreDWG 0.13.4-154-g0b573035 contains a vulnerability in the function decompress_R2004_section (src/decode.c) that can cause a heap-based buffer overflow . Exploitation requires local access and has been publicly disclosed. The issue affects the R2004 Section Decompression component and is a...

5.3CVSS6.1AI score0.00136EPSS
Exploits0References10
OSV
OSV
added 6 days ago4 views

CVE-2026-15520 GNU LibreDWG R2004 Section Decompression decode.c decompress_R2004_section heap-based overflow

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompressR2004section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The explo...

4.8CVSS6AI score0.00136EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-15146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that...

5.9CVSS6.2AI score0.00121EPSS
Exploits0References4
Fedora
Fedora
added 2026/07/12 1:0 a.m.8 views

[SECURITY] Fedora 43 Update: tmux-3.7b-3.fc43

tmux is a "terminal multiplexer." It enables a number of terminals or windows to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen...

4.5CVSS6.1AI score0.00124EPSS
Exploits0
OSV
OSV
added 2026/07/10 7:17 p.m.2 views

DEBIAN-CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

5.9CVSS6.2AI score0.00121EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 7:17 p.m.9 views

CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

5.9CVSS0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 7:17 p.m.4 views

UBUNTU-CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

5.9CVSS6.2AI score0.00121EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 6:20 p.m.27 views

CVE-2026-15146

GNU Wget is vulnerable in FTP passive mode due to not validating the IP address in the PASV response, enabling potential SSRF to localhost/internal resources via a malicious FTP/redirected HTTP server. The issue is addressed in the 4f85853f... commit, which validates the PASV address against the ...

5.9CVSS6.2AI score0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 6:20 p.m.54 views

CVE-2026-15146 CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

0.00121EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/07/10 8:1 a.m.5 views

NULL Pointer Dereference in GNU patch

...

5.5CVSS6.1AI score0.00115EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/07/10 3:12 a.m.3 views

SUSE CVE-2026-56288

GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk single block of changes in diff data structures, causing the application to pass a NULL pointer...

3.3CVSS6AI score0.00115EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/07/10 3:12 a.m.5 views

SUSE CVE-2026-56289

GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...

3.3CVSS6AI score0.00115EPSS
Exploits0References5
Fedora
Fedora
added 2026/07/10 1:6 a.m.7 views

[SECURITY] Fedora 43 Update: tmux-3.7-3.fc43

tmux is a "terminal multiplexer." It enables a number of terminals or windows to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen...

4.5CVSS5.9AI score0.00124EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.18 views

PT-2026-57263

Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.25.1 Description GNU Wget fails to validate the IP address provided by an FTP PASV response when operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit th...

5.9CVSS6.1AI score0.00121EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-56288

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file...

5.5CVSS6.1AI score0.00115EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-56289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A...

5.5CVSS6.1AI score0.00115EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/09 5:24 p.m.13 views

glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...

9.8CVSS6.1AI score0.00502EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/07/09 5:24 p.m.12 views

Moderate: Red Hat Security Advisory: compat-glibc security update

An update for compat-glibc is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

9.8CVSS6AI score0.00502EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/07/09 4:30 p.m.7 views

CVE-2026-58471

A flaw was found in GNU Wget. A remote attacker can exploit a heap buffer overflow vulnerability in the convertfname function. This occurs when processing a server-supplied filename that requires character set conversion, leading to memory corruption due to incorrect buffer reallocation. This can...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References5
Rows per page
Query Builder