Lucene search
K

11566 matches found

OSV
OSV
added 2026/07/02 8:45 p.m.4 views

GHSA-5PMV-RX8R-WMV5 jxl-grid on 32-bit platforms has an out-of-bounds writes due to integer overflow

Summary On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use Address Sanitizer, which ignores...

7.3CVSS6.3AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-20244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded...

7.5CVSS7.2AI score0.00389EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-50003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both...

9.8CVSS6.1AI score0.00435EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 12:0 a.m.4 views

UBUNTU-CVE-2026-20244

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...

7.5CVSS7AI score0.00389EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 5:16 p.m.5 views

DEBIAN-CVE-2026-20244

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...

7.5CVSS5.9AI score0.00389EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 5:16 p.m.5 views

CVE-2026-20244

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...

7.5CVSS0.00389EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/07/01 4:28 p.m.7 views

CVE-2026-20244

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...

7.5CVSS7.2AI score0.00389EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/07/01 4:28 p.m.7 views

CVE-2026-20244

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...

7.5CVSS5.9AI score0.00389EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:28 p.m.8 views

CVE-2026-20244

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...

7.5CVSS5.9AI score0.00389EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/07/01 3:35 a.m.5 views

SUSE CVE-2026-12912

A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images with the PIXARLOGDATAFMT8BITABGR output format and a specific stride value, leading to a heap-base...

7.3CVSS6.7AI score0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 3:33 a.m.37 views

CVE-2026-7830 UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS0.0022EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 3:33 a.m.6 views

EUVD-2026-40882

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS5.8AI score0.0022EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:33 a.m.7 views

CVE-2026-7830

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS5.8AI score0.0022EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54486

Name of the Vulnerable Software and Affected Versions UltraVNC versions prior to 1.8.2.3 Description Inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNC MsLogonIIAuth allows a network attacker to disclose credentials. In the file rfb/dh.cpp, the Diffie-Hellman key exchang...

7.4CVSS5.9AI score0.0022EPSS
Exploits0References7
NVD
NVD
added 2026/06/30 10:16 p.m.8 views

CVE-2026-50003

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.8CVSS0.00435EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 9:27 p.m.33 views

CVE-2026-50003 OFFIS DCMTK Toolkit Path Traversal

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.8CVSS0.00435EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 9:27 p.m.39 views

CVE-2026-50003

The CVE-2026-50003 issue affects the DCMTK toolkit. A malicious or compromised server can exploit the bit-preserving C-GET storage mode in the DCMTK client to write files outside the designated output directory, using both relative (../) paths and absolute paths. Multiple sources (RH CVE entry, E...

9.8CVSS5.8AI score0.00435EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 11:5 a.m.33 views

CVE-2026-57082 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...

0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 11:5 a.m.7 views

EUVD-2026-40290

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...

7.5CVSS6AI score0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 11:5 a.m.31 views

CVE-2026-57081 Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...

0.00263EPSS
Exploits0References1
Rows per page
Query Builder