Lucene search
K

15 matches found

Zero Day Initiative
Zero Day Initiative
added 2026/06/09 12:0 a.m.11 views

X.Org Server CheckKeyActions Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling...

6.1CVSS4.9AI score0.00489EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:31 a.m.8 views

CVE-2026-50258

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel XkbNumKbdGroups but CheckKeyTypes does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift...

7.8CVSS5.8AI score0.00161EPSS
Exploits0References24
OSV
OSV
added 2026/05/28 10:16 a.m.9 views

UBUNTU-CVE-2026-46114

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject non-8-byte ATOMICWRITE payloads atomicwritereply at drivers/infiniband/sw/rxe/rxeresp.c unconditionally dereferences 8 bytes at payloadaddrpkt: value = u64 payloadaddrpkt; checkrkey previously accepted an...

7.5CVSS5.7AI score0.00467EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/28 9:35 a.m.33 views

CVE-2026-46114 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject non-8-byte ATOMICWRITE payloads atomicwritereply at drivers/infiniband/sw/rxe/rxeresp.c unconditionally dereferences 8 bytes at payloadaddrpkt: value = u64 payloadaddrpkt; checkrkey previously accepted an...

7.5CVSS0.00467EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/04/23 2:54 p.m.3 views

CVE-2026-34003

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

7.8CVSS5.2AI score0.0025EPSS
Exploits0
OSV
OSV
added 2026/04/14 12:0 a.m.5 views

UBUNTU-CVE-2026-34003

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

7.8CVSS5.7AI score0.0025EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/14 12:0 a.m.11 views

CVE-2026-34003

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

7.8CVSS5.7AI score0.0025EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-35211

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.00555EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/28 12:0 a.m.5 views

PT-2025-2592 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a confused deputy in the checkKeyIntent function of AccountManagerService.java, allowing a possible bypass of intent security checks. This could lead to the...

7.7CVSS6.9AI score0.00168EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/06/12 12:0 a.m.7 views

PT-2024-37050 · WordPress · The Newsletter - Api

Name of the Vulnerable Software and Affected Versions: The Newsletter - API v1 and v2 addon plugin for WordPress versions up to, and including, 2.4.5 Description: The issue allows unauthorized management of subscribers due to a PHP type juggling problem in the check api key function. This enables...

6.5CVSS7.4AI score0.00317EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/09/11 12:0 a.m.4 views

PT-2023-25257 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to unsafe deserialization in the checkKeyIntentParceledCorrectly function of AccountManagerService.java. This could lead to local escalation of privilege with no...

7.8CVSS7.5AI score0.001EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2023/06/15 7:15 p.m.2 views

CVE-2023-21131

In checkKeyIntentParceledCorrectly of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution...

7.8CVSS6.2AI score0.0009EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/15 12:0 a.m.7 views

PT-2023-17923 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: A logic error in the checkKeyIntentParceledCorrectly function of ActivityManagerService.java can lead to a bypass of Parcel Mismatch mitigations. This issue could result in local...

7.8CVSS6.9AI score0.0009EPSS
Exploits0References4
OSV
OSV
added 2020/09/17 9:15 p.m.3 views

CVE-2020-0338

In checkKeyIntent of AccountManagerService.java, there is a possible permission bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-123700107...

5CVSS6AI score0.00156EPSS
Exploits0References1
securityvulns
securityvulns
added 2000/12/20 12:0 a.m.21 views

Дырка в GNUPG

Если письмо содержит несколько подписанных частей, то проверяется целостность лишь последей части. Кроме того, программа производит обмен приватным ключем с сервером и некорректно проверяются сигнатуры файлов...

0.3AI score
Exploits0References2Affected Software1
Rows per page
Query Builder