Lucene search
K

19357 matches found

RedhatCVE
RedhatCVE
added 2026/06/25 7:5 p.m.4 views

CVE-2026-53002

A flaw was found in the Linux kernel's netfilter conntrack module. This vulnerability arises from the use of sprintf and insufficient buffer sizing in the manglecontentlen function, which can lead to a stack-out-of-bounds write. An attacker could potentially exploit this memory corruption issue t...

9.8CVSS6AI score0.00351EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/25 6:37 p.m.6 views

gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

9.1CVSS5.7AI score0.00805EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 6:17 p.m.4 views

CVE-2026-52989

A flaw was found in the nvmet-tcp component of the Linux kernel. The nvmettcpbuildpduiovec function fails to propagate errors when detecting out-of-bounds PDU lengths or offsets. This can lead to uninitialized memory being used by subsequent operations, such as reading incoming network data into ...

9.8CVSS6.1AI score0.00342EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 6:2 p.m.7 views

CVE-2026-53074

A flaw was found in the Linux kernel's BPF Berkeley Packet Filter subsystem. Specifically, the bpfprogtestrunskb function, responsible for testing BPF programs with network packets, did not properly validate the length of IPv4 and IPv6 inputs. This could allow the kernel to attempt to access...

6.4CVSS5.8AI score0.00164EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 5:41 p.m.3 views

JLSEC-2026-627 In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort...

In rsync 3.0.1 through 3.4.1, receivexattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X aka --xattrs. On Linux, many but not all common configurations are vulnerable. Non-Linux platforms are more widely vulnerable...

7.4CVSS5.9AI score0.00393EPSS
Exploits1References7
OSV
OSV
added 2026/06/25 5:17 p.m.3 views

DEBIAN-CVE-2026-56123

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...

9.8CVSS6AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/25 5:2 p.m.6 views

CVE-2026-57062

A flaw in GnuPG's gpgsm component improperly handles the Cryptographic Message Syntax CMS format for AES-GCM. By accepting an authentication tag length of 4 bytes instead of the required 12 bytes, this vulnerability allows for a low-impact data integrity issue where the cryptographic validity of...

2.9CVSS5.7AI score0.0011EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:43 p.m.5 views

CVE-2026-56123

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...

9.2CVSS6.2AI score0.00308EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/25 3:43 p.m.15 views

CVE-2026-56123

CVE-2026-56123 affects socat versions 1.8.0.0 through 1.8.1.1. A signed-char sign-extension bug in the DOMAINNAME reply parser during SOCKS5 handshake allows a negative bytes_to_read value to be implicitly converted to size_t, causing an unbounded heap write into a 262-byte reply buffer. This res...

9.8CVSS6.2AI score0.00308EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 3:43 p.m.4 views

CVE-2026-56123

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...

9.8CVSS6AI score0.00308EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/25 3:43 p.m.5 views

CVE-2026-56123

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...

9.8CVSS6.2AI score0.00308EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/25 3:27 p.m.7 views

CVE-2026-57452

Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt04! or VimCrypt05! method xchacha20poly1305, requires the +sodium feature whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflo...

5.5CVSS5.9AI score0.0012EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/06/25 12:1 p.m.6 views

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...

7.5CVSS6.7AI score0.00985EPSS
Exploits0
NVD
NVD
added 2026/06/25 9:16 a.m.13 views

CVE-2026-53267

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...

7.8CVSS0.00128EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53238

In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled address and mask attribute lengths netlblunlabeladdrinfoget used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not independentl...

0.00184EPSS
Exploits0References8
NVD
NVD
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53224

In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctpunpackcookie only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...

9.1CVSS0.00547EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53210

In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in registershmhelper registershmhelper allocates shm before calling ioviternpages. If ioviternpages returns 0, the function jumps to errctxput and leaks shm. This can be triggered by TEEIOCSHMREGISTER with...

5.5CVSS0.00127EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53196

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...

6.8CVSS0.00282EPSS
Exploits0References11
NVD
NVD
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53195

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then copies le16tocpuimgheader-Length bytes into it without validating that...

0.00203EPSS
Exploits0References8
NVD
NVD
added 2026/06/25 9:16 a.m.5 views

CVE-2026-53186

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: bound SRPRSP sense copy by the received length srpprocessrsp copies sense data from rsp-data + respdatalen, where respdatalen is the full 32-bit value supplied by the SRP target and is never checked against the number o...

9.1CVSS0.00544EPSS
Exploits0References8
Rows per page
Query Builder