Lucene search
K

1994 matches found

Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.13 views

PT-2026-55314

Name of the Vulnerable Software and Affected Versions Libreswan affected versions not specified Description An invalidly formatted IKEv2 fragment can cause the pluto daemon to crash and restart, leading to a denial of service. The issue occurs within the reassemble v2 incoming fragments function,...

7.5CVSS6.4AI score0.00597EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2026/07/01 7:34 p.m.4 views

CVE-2026-54908

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHEPSK ServerKeyExchange message. This issue has been fixed in version 3.1.4...

6.3CVSS5.8AI score0.0032EPSS
Exploits0
Cvelist
Cvelist
added 2026/07/01 7:34 p.m.33 views

CVE-2026-54908 Pion DTLS: Denial of service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHEPSK ServerKeyExchange message. This issue has been fixed in version 3.1.4...

6.3CVSS0.0032EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 7:34 p.m.19 views

CVE-2026-54908

CVE-2026-54908 affects the Pion DTLS Go implementation. Versions prior to 3.1.4 are vulnerable to a remote Denial of Service caused by a panic while parsing a crafted ECDHE_PSK ServerKeyExchange message. The issue has been fixed in 3.1.4. No exploitation details are provided in the documents.

6.3CVSS5.8AI score0.0032EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/29 3:13 p.m.5 views

gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

8.2CVSS5.8AI score0.00727EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 10:17 a.m.6 views

gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

8.2CVSS5.8AI score0.00727EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 2:54 a.m.5 views

gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

8.2CVSS5.8AI score0.00727EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 2:54 a.m.8 views

Important: Red Hat Security Advisory: gnutls and libtasn1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

9.8CVSS7AI score0.01335EPSS
Exploits2References14
RedHat Linux
RedHat Linux
added 2026/06/29 2:40 a.m.4 views

gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

8.2CVSS5.8AI score0.00727EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/25 6:37 p.m.7 views

gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

8.2CVSS5.8AI score0.00727EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in python-cryptography

Cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.5, the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey, and loadpempublickey functions did not verify...

8.2CVSS6.7AI score0.00341EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 9:17 p.m.7 views

CVE-2026-47386

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. This vulnerability ...

6.3CVSS0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/23 3:36 a.m.15 views

CVE-2026-55653

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client processes attacker-controlled DH-GEX...

6.5CVSS5.8AI score0.00242EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.7 views

openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group

A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword. A less preferred key exchange may be used...

6.5CVSS5.8AI score0.00435EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-55199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that...

8.2CVSS7AI score0.00408EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/19 1:49 a.m.10 views

SUSE CVE-2026-55199

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

5.9CVSS5.8AI score0.00408EPSS
Exploits1References7
OSV
OSV
added 2026/06/17 8:17 p.m.4 views

ALPINE-CVE-2026-55199

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

7.5CVSS5.8AI score0.00408EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/06/17 6:44 p.m.8 views

CVE-2026-55199

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

8.2CVSS5.3AI score0.00408EPSS
Exploits1
EUVD
EUVD
added 2026/06/17 6:44 p.m.12 views

EUVD-2026-37782

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

8.2CVSS5.3AI score0.00408EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/17 6:44 p.m.11 views

CVE-2026-55199 libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

8.2CVSS5.3AI score0.00408EPSS
Exploits1References3
Rows per page
Query Builder