Lucene search
+L

61 matches found

CVE
CVE
added 2 days ago29 views

CVE-2026-49852

Summary: CVE-2026-49852 affects the Python library joserfc. Prior to version 1.6.8, joserfc.jwt.decode can accept attacker-forged HS256/HS384/HS512 tokens if the verification key is empty or None, enabling potential authentication bypass when the configured secret resolves to an empty string. The...

8.7CVSS5.3AI score0.00194EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 5:31 p.m.13 views

CVE-2026-53029

A flaw was found in the Linux kernel's ntfs3 filesystem driver. This vulnerability occurs due to an uninitialized local variable lcn when handling zero-length data during I/O operations. An attacker could potentially exploit this flaw to cause a denial of service or information disclosure due to...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in libssh

A flaw was discovered in libssh. The API function sshgethexa is vulnerable to a denial-of-service attack when processing zero-length inputs. This vulnerability can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication, if the...

8.2CVSS6.5AI score0.00582EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/17 6:53 a.m.9 views

kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...

9.1CVSS5.2AI score0.00591EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.78 views

📄 ImageMagick 7.x Denial of Service

ImageMagick versions 7.x suffer from an infinite loop issue in the MIFF decoder that can lead to CPU exhaustion. Exploit Title: ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion Google Dork: N/A Date: 2026-05-13 Exploit Author: Jose Rivas bl4cksku11 & Zero Trust Offsec...

5.8AI score0.01849EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2026/05/28 1:35 p.m.17 views

kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...

9.1CVSS5.7AI score0.00591EPSS
Exploits0References5
OSV
OSV
added 2026/05/26 2:17 p.m.10 views

JLSEC-2026-522

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances...

6.5CVSS7AI score0.01383EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/19 1:16 p.m.15 views

libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/19 9:10 a.m.11 views

libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0References5
OSV
OSV
added 2026/05/06 11:59 a.m.10 views

CLSA-2026-1778068747 Fix CVE(s): CVE-2026-0966

SECURITY UPDATE: heap buffer underflow in sshgethexa on zero-length or NULL input, remotely reachable via GSSAPI authentication logging - debian/patches/CVE-2026-0966.patch: reject NULL/zero-length input in sshgethexa in src/dh.c - CVE-2026-0966: fix heap buffer underflow in sshgethexa...

8.2CVSS6.5AI score0.00582EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 11:55 a.m.13 views

CLSA-2026-1778068515 Fix CVE(s): CVE-2026-0966

SECURITY UPDATE: heap buffer underflow in sshgethexa on zero-length or NULL input, remotely reachable via GSSAPI authentication logging - debian/patches/CVE-2026-0966.patch: reject NULL/zero-length input in sshgethexa in src/dh.c - CVE-2026-0966: fix heap buffer underflow in sshgethexa...

8.2CVSS6.7AI score0.00582EPSS
Exploits0References1
OSV
OSV
added 2026/04/30 5:10 p.m.11 views

CLSA-2026-1777569045 libsoup: Fix of CVE-2026-2369

CVE-2026-2369: fix integer underflow in sniffunknown on zero-length buffer that caused an out-of-bounds read in the content sniffer...

9.1CVSS5.9AI score0.0042EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/08 1:23 p.m.2 views

libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.6AI score0.00582EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/26 9:31 p.m.11 views

EUVD-2026-16330

The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in sshgetfingerprinthash and sshprinthexa deprecated, which is vulnerable to the same input length is provided by the calling application. The function is also used...

6.5CVSS5.9AI score0.00582EPSS
Exploits0References3
NVD
NVD
added 2026/03/26 9:17 p.m.4 views

CVE-2026-0966

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS0.00582EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:6 p.m.3 views

CVE-2026-0966

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0References7
OSV
OSV
added 2026/03/26 8:6 p.m.3 views

CVE-2026-0966 Libssh: libssh: denial of service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

6.5CVSS6.5AI score0.00582EPSS
Exploits0References10
AlpineLinux
AlpineLinux
added 2026/03/26 8:6 p.m.3 views

CVE-2026-0966

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0
OSV
OSV
added 2026/02/13 12:0 a.m.5 views

UBUNTU-CVE-2026-0966

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.6 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fixed OOB read on empty string write When writing an empty string to either ‘qwsign’ or ‘landingPage’ sysfs attributes, the store functions attempt to access pagel – 1 before verifying that the length ‘l’ i...

7.1CVSS6.4AI score0.00153EPSS
Exploits0References3
Rows per page
Query Builder