CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

6.5CVSS7.4AI score0.00372EPSS

Astra Linux - уязвимость в firefox

The ShmemCharMapHashEntry code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox versions less than 126...

7.1CVSS6AI score0.00185EPSS

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: capabilities: Defined behavior in bit shifting for CAPTOMASK was fixed. Shifting a signed 32-bit value by 31 bits is undefined; therefore, the significant bit was changed to unsigned. The UBSAN warning during call tracing is a...

5.5CVSS5.5AI score0.00211EPSS

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign -num before accessing -hws The commit f316cdff8d67 “clk: Annotate struct clkhwonecelldata with countedby annotated the hws member of struct clkhwonecelldata with countedby. This informs the bounds sanitizer ...

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Block layer: Fixed handling of offline queues in blkmqallocrequesthctx. This patch prevents the test nvme/004 from triggering the following issues: - UBSAN: Array index out of bounds in block/blkmq.h:135:9. The index 512 is out o...

7.8CVSS5.8AI score0.00286EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: rtlwifi: 8192cu: fixed a situation where TID was out of range in rtl92cu TxFillDesc. The TID obtained from ieee80211gettid might be out of range of the array size of staEntry-tids, so check that TID is less than...

7.8CVSS6AI score0.00119EPSS

5.5CVSS6.7AI score0.00206EPSS

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A flaw was discovered in the Framebuffer Console fbcon within the Linux kernel. When values greater than 32 are provided for font-width and font-height in the fbconsetfont function, due to lack of proper checks, an out-of-bounds situation may occur, resulting in undefined behavior and potentially...

Tenable Nessus•added 2026/05/20 12:0 a.m.•5 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021623)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021623 advisory. In the Linux kernel, the following vulnerability has been resolved: lib/fonts: fix undefined behavior in bit shift for getdefaultfont Shifting signed 32-bit value by...

5.5CVSS5.8AI score0.00143EPSS

Exploits0References4

OSV•added 2026/05/20 12:0 a.m.•11 views

UBUNTU-CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

7.5CVSS5.8AI score0.01222EPSS

Exploits0References4

RedHat Linux•added 2026/05/19 1:29 p.m.•12 views

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

6.5CVSS5.8AI score0.00252EPSS

Exploits0References6

Snyk•added 2026/05/18 3:48 p.m.•4 views

Undefined Behavior for Input to API

Overview Affected versions of this package are vulnerable to Undefined Behavior for Input to API in the comparator function responsible for ordering Datagram Transport Layer Security DTLS packets by sequence numbers. An attacker can cause unstable packet ordering or undefined behavior by sending...

8.7CVSS5.8AI score0.01227EPSS

Tenable Nessus•added 2026/05/15 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-42327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from...

NVD•added 2026/05/14 9:16 p.m.•11 views

Exploits0References3

CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

8.7CVSS0.00211EPSS

OSV•added 2026/05/14 9:16 p.m.•5 views

DEBIAN-CVE-2026-42327

UbuntuCve•added 2026/05/14 9:16 p.m.•10 views

CVE-2026-42327

OSV•added 2026/05/14 9:16 p.m.•5 views

UBUNTU-CVE-2026-42327

Cvelist•added 2026/05/14 8:17 p.m.•27 views

Exploits0References3

CVE-2026-42327 rust-openssl: undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs

8.7CVSS0.00211EPSS

Vulnrichment•added 2026/05/14 8:17 p.m.•9 views

CVE-2026-42327 rust-openssl: undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs

EUVD•added 2026/05/14 8:17 p.m.•9 views

EUVD-2026-30474

CVE•added 2026/05/14 8:17 p.m.•30 views

CVE-2026-42327

The CVE-2026-42327 vulnerability affects rust-openssl bindings for OpenSSL, where X509Ref::ocsp_responders returns OCSP responder URLs from the AIA extension. In versions 0.9.7 through before 0.10.79, the code constructs &str from IA5String bytes using an unchecked UTF-8 assumption, allowing non-...

Debian CVE•added 2026/05/14 8:17 p.m.•7 views

CVE-2026-42327