Lucene search
K

850 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-24 contained a buffer error vulnerability. This vulnerability could occur when using the...

5.5CVSS5.6AI score0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 1:11 p.m.35 views

CVE-2026-11792 389-ds-base: 389-ds-base: heap buffer overflow in audit log password masking (create_masked_entry_string)

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged requiri...

3.3CVSS0.00258EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 1:11 p.m.10 views

EUVD-2026-35424

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged requiri...

3.3CVSS5.7AI score0.00258EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 1:11 p.m.25 views

CVE-2026-11792

CVE-2026-11792 affects 389 Directory Server (389-ds-base). A heap buffer overflow occurs in auditlog.c, in the create_masked_entry_string() function, when audit logging uses a fixed-length password mask and the destination heap buffer lacks sufficient space. If a short cleartext password is logge...

3.3CVSS5.7AI score0.00258EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 1:11 p.m.9 views

CVE-2026-11792 389-ds-base: 389-ds-base: heap buffer overflow in audit log password masking (create_masked_entry_string)

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged requiri...

3.3CVSS5.7AI score0.00258EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47781

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A heap buffer overflow occurs when audit logging is enabled. The create masked entry string function in auditlog.c copies a fixed-length password mask into a heap buffer without...

3.3CVSS6.2AI score0.00258EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-11792

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a...

3.3CVSS5.6AI score0.00258EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 7:0 p.m.10 views

GHSA-3QP7-7MW8-WX86 Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking

Summary An attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses can bypass the restrictions. Details io.netty.handler.ipfilter.IpSubnetFilterRulecompareTojava.net.InetSocketAddress method performs a bitwise AND...

8.1CVSS5.5AI score0.00552EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47600

Name of the Vulnerable Software and Affected Versions netty-handler versions prior to 4.1.135.Final netty-handler versions prior to 4.2.15.Final Description An incorrect masking operation in the compareTo function of the IpSubnetFilterRule class allows an attacker to bypass IPv6 subnet rules...

8.1CVSS5.4AI score0.00552EPSS
Exploits0References65
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.25 views

PT-2026-47545

Summary An attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses can bypass the restrictions. Details io.netty.handler.ipfilter.IpSubnetFilterRulecompareTojava.net.InetSocketAddress method performs a bitwise AND...

8.1CVSS5.5AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.8 views

CVE-2026-25219

The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure...

6.5CVSS5.5AI score0.00552EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-42360

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

6.5CVSS5.4AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.9 views

CVE-2026-3314

Missing password field masking vulnerability in Hitachi Ops Center Analyzer Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules, Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor Data Center Analytics, Analytics probe modules. This issu...

4.6CVSS5.5AI score0.00175EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 5:40 a.m.8 views

BIT-AIRFLOW-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

6.5CVSS5.4AI score0.00335EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/05 3:39 a.m.12 views

SUSE CVE-2024-50102

In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Litetm" issue with non-canonical accesses in kernel space. And so using just the high bit to decide whether an access is in user...

5.5CVSS6.7AI score0.00239EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/06/02 10:3 p.m.14 views

CVE-2026-42358

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

6.5CVSS5.8AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.16 views

CVE-2026-10099

XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocketreceiveworker routine of simplehttpserver.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of...

5.1CVSS5.8AI score0.00125EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 5:3 p.m.38 views

CVE-2026-45544 Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...

4.3CVSS0.00222EPSS
Exploits0References3
NVD
NVD
added 2026/06/01 9:16 a.m.20 views

CVE-2026-42360

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

6.5CVSS0.00335EPSS
Exploits0References2
PyPA
PyPA
added 2026/06/01 9:16 a.m.13 views

PYSEC-2026-172

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

7.5CVSS5.8AI score0.00586EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder