Lucene search
K

1767 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-42708

An Out-of-bounds Write vulnerability in the http-gatekeeper http-gk of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a...

6.9CVSS6AI score0.00474EPSS
Exploits0References2
NVD
NVD
added 2 days ago7 views

CVE-2026-57021

An Out-of-bounds Write vulnerability in the http-gatekeeper http-gk of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a...

6.9CVSS0.00474EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-56975

Name of the Vulnerable Software and Affected Versions Junos OS on SRX Series versions prior to 23.2R2-S7 Junos OS on SRX Series versions prior to 23.4R2-S8 Junos OS on SRX Series versions prior to 24.2R2-S4 Junos OS on SRX Series versions prior to 24.4R2-S4 Junos OS on SRX Series versions prior t...

6.9CVSS6.2AI score0.00474EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 5:16 a.m.11 views

CVE-2026-7830

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS0.0022EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 3:33 a.m.37 views

CVE-2026-7830 UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS0.0022EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/01 3:33 a.m.11 views

CVE-2026-7830 UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS5.8AI score0.0022EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:33 a.m.5 views

CVE-2026-7830

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS5.8AI score0.0022EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 3:33 a.m.6 views

EUVD-2026-40882

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS5.8AI score0.0022EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 3:33 a.m.16 views

CVE-2026-7830

CVE-2026-7830 affects UltraVNC up to version 1.8.2.2 and concerns the MS-Logon II authentication. The DH key exchange uses parameters within 64-bit space (DH_MAX_BITS) and the private exponent is generated using a rng() that relies on three libc rand() calls seeded from time(NULL). This yields an...

7.4CVSS5.8AI score0.0022EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54486

Name of the Vulnerable Software and Affected Versions UltraVNC versions prior to 1.8.2.3 Description Inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNC MsLogonIIAuth allows a network attacker to disclose credentials. In the file rfb/dh.cpp, the Diffie-Hellman key exchang...

7.4CVSS5.9AI score0.0022EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, there was a NULL pointer dereference vulnerability in rdpwritelogoninfov2. This vulnerability allowed a malicious RDP server to crash the FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with...

7.5CVSS5.9AI score0.00467EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 1:11 p.m.4 views

OESA-2026-2721 freerdp security update

FreeRDP is a client implementation of the Remote Desktop Protocol RDP that follows Microsoft's open specifications. This package provides the client applications xfreerdp. Security Fixes: A NULL pointer dereference vulnerability exists in the rdpwritelogoninfov2 function of FreeRDP remote desktop...

7.5CVSS5.9AI score0.00467EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.13 views

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2026:2453-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2453-1 advisory. This update for java-180-ibm fixes the following issues - CVE-2026-22007: APIs in the specified component can lead to an unauthorized read acce...

9.8CVSS7.4AI score0.00702EPSS
Exploits0References23
OSV
OSV
added 2026/06/18 1:49 p.m.4 views

SUSE-SU-2026:2453-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues - CVE-2026-22007: APIs in the specified component can lead to an unauthorized read access bsc1262490. - CVE-2026-22013: unauthenticated attacker with network access can access to critical data bsc1262494. - CVE-2026-22016: APIs in the...

9.8CVSS5.9AI score0.00702EPSS
Exploits0References16
OSV
OSV
added 2026/06/17 7:9 p.m.7 views

MAL-2026-6075 Malicious code in opt-archetype-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...

5.9AI score
Exploits0References2
NVD
NVD
added 2026/06/17 10:54 a.m.9 views

CVE-2026-46977

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

3.2CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.9 views

CVE-2026-46865

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Extensibility Framework. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where...

8.2CVSS0.00168EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:40 a.m.9 views

CVE-2026-35288

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Deployment Package. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where PeopleSoft Enterpri...

8.2CVSS0.00187EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49984

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

6CVSS5.1AI score0.00167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49995

Name of the Vulnerable Software and Affected Versions Oracle Siebel CRM Siebel CRM Deployment versions 17.0 through 26.5 Description An issue exists in the Database Upgrade component of the Siebel CRM Deployment product. A low privileged attacker with access to the infrastructure where the softwa...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References5
Rows per page
Query Builder