2299 matches found

NVD
added 2026/06/10 10:17 p.m. | 22 views

CVE-2026-48107

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...

CVSS 6.5 | EPSS 0.00232
Exploits: 0 | References: 1

OSV
added 2026/06/10 10:17 p.m. | 3 views

DEBIAN-CVE-2026-48107

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...

CVSS 6.5 | AI score 5.4 | EPSS 0.00232
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/10 8:23 p.m. | 8 views

CVE-2026-48107 Russh: Unchecked keyboard-interactive prompt count in client auth path

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...

CVSS 6.5 | AI score 5.4 | EPSS 0.00232
Exploits: 0 | References: 1

CVE
added 2026/06/10 8:23 p.m. | 17 views

CVE-2026-48107

Russh (Rust SSH client/server) is affected in versions 0.37.0–0.60.x where the client’s keyboard-interactive auth path accepts an attacker-controlled prompt count via USERAUTH_INFO_REQUEST. The code uses the raw count directly in Vec::with_capacity(...) before verifying sufficient prompt data, en...

CVSS 6.5 | AI score 5.4 | EPSS 0.00232
Exploits: 0 | References: 1

Cvelist
added 2026/06/10 8:23 p.m. | 29 views

CVE-2026-48107 Russh: Unchecked keyboard-interactive prompt count in client auth path

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...

CVSS 6.5 | EPSS 0.00232
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/10 12:0 a.m. | 14 views

PT-2026-48545

Name of the Vulnerable Software and Affected Versions: russh versions 0.37.0 through 0.60.2. Description: In the keyboard-interactive authentication path of the client, a malicious SSH server can send a USERAUTH_INFO_REQUEST containing an attacker-controlled prompt count. The client uses this raw...

CVSS 6.5 | AI score 5.3 | EPSS 0.00232
Exploits: 0 | References: 5

CNNVD
added 2026/06/10 12:0 a.m. | 16 views

Russh input validation error vulnerability

Russh is a Rust SSH client and server library developed by Eugene as an individual contributor. In versions of Russh from 0.37.0 to 0.61.0, there was a vulnerability related to input validation errors. This vulnerability stemmed from the keyboard interaction authentication process, where a...

CVSS 6.5 | AI score 5.4 | EPSS 0.00232
Exploits: 0 | References: 1

Microsoft CVE
added 2026/06/09 8:2 a.m. | 9 views

Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels

...

CVSS 7.8 | AI score 5.4 | EPSS 0.00161
Exploits: 0

RedHat Linux
added 2026/06/08 2:7 a.m. | 11 views

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

CVSS 7.8 | AI score 5.7 | EPSS 0.0038
Exploits: 0 | References: 4

RedHat Linux
added 2026/06/08 2:7 a.m. | 9 views

xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling

A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory...

CVSS 9.1 | AI score 5.4 | EPSS 0.00489
Exploits: 0 | References: 4

Tenable Nessus
added 2026/06/08 12:0 a.m. | 11 views

Amazon Linux 2023 : xorg-x11-server-Xwayland, xorg-x11-server-Xwayland-devel (ALAS2023-2026-1789)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1789 advisory. A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer...

CVSS 7.8 | AI score 7.4 | EPSS 0.00485
Exploits: 0 | References: 18

RedhatCVE
added 2026/06/07 5:2 a.m. | 8 views

CVE-2026-11122

An inappropriate implementation flaw was found in the Keyboard component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501485453...

CVSS 8.1 | AI score 5.4 | EPSS 0.00159
Exploits: 0 | References: 5

SUSE CVE
added 2026/06/07 4:44 a.m. | 7 views

SUSE CVE-2026-11122

Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.1 | AI score 5.6 | EPSS 0.00159
Exploits: 0 | References: 2

Microsoft CVE
added 2026/06/05 2:0 p.m. | 9 views

Chromium: CVE-2026-11122 Inappropriate implementation in Keyboard

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 6.1 | AI score 5.4 | EPSS 0.00159
Exploits: 0

OSV
added 2026/06/05 12:16 p.m. | 4 views

UBUNTU-CVE-2026-50258

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift...

CVSS 7.8 | AI score 5.6 | EPSS 0.00161
Exploits: 0 | References: 4

OSV
added 2026/06/05 12:16 p.m. | 4 views

UBUNTU-CVE-2026-50259

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. XkbSetMapChecks declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This...

CVSS 7.8 | AI score 5.8 | EPSS 0.00165
Exploits: 0 | References: 4

CVE
added 2026/06/05 10:31 a.m. | 37 views

CVE-2026-50258

The CVE affects the X.Org X server and Xwayland. A stack-based buffer overflow arises from unchecked key-type shift levels in XkbKeyTypes: multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups are not clamped by CheckKeyTypes(), allowing a client to set excessive shift levels and trigge...

CVSS 7.8 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 13 | Affected Software: 3

Debian CVE
added 2026/06/05 10:31 a.m. | 8 views

CVE-2026-50258

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift...

CVSS 7.8 | AI score 5.8 | EPSS 0.00161
Exploits: 0

EUVD
added 2026/06/05 12:31 a.m. | 10 views

EUVD-2026-34583

Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: Medium...

AI score 6 | EPSS 0.00159
Exploits: 0 | References: 3

Tenable Nessus
added 2026/06/05 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-11122

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafte...

CVSS 6.1 | AI score 5.6 | EPSS 0.00159
Exploits: 0 | References: 2