69 matches found

RedHat Linux
added 3 days ago | 7 views

Important: Red Hat Security Advisory: gnutls and libtasn1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

CVSS 9.8 | AI score 7 | EPSS 0.01335
Exploits: 2 | References: 14

Tenable Nessus
added 3 days ago | 6 views

RHEL 9 : gnutls (RHSA-2026:32962)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:32962 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such a...

CVSS 9.8 | AI score 6.1 | EPSS 0.01335
Exploits: 1 | References: 26

Tenable Nessus
added 2026/06/16 12:0 a.m. | 9 views

RHEL 10 : gnutls (RHSA-2026:26409)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26409 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such ...

CVSS 9.8 | AI score 6 | EPSS 0.01335
Exploits: 2 | References: 28

RedhatCVE
added 2026/06/11 2:59 a.m. | 9 views

CVE-2026-41719

A flaw was found in Spring Data KeyValue. This vulnerability, known as a Spring Expression Language (SpEL) Injection, allows a remote attacker with low privileges to execute arbitrary expressions. This occurs when unsanitized user input is passed as a sorting parameter into a repository query metho...

CVSS 6.4 | AI score 6 | EPSS 0.00202
Exploits: 0 | References: 4

Snyk
added 2026/06/10 1:13 a.m. | 6 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') in the SpelPropertyComparator function. An attacker can execute arbitrary SpEL expressions by supplying crafted input t...

CVSS 6.4 | AI score 5.7 | EPSS 0.00202
Exploits: 0 | References: 2

Vulnrichment
added 2026/06/09 11:48 p.m. | 7 views

CVE-2026-41719 Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

CVSS 6.4 | AI score 5.5 | EPSS 0.00202
Exploits: 0 | References: 1

OSV
added 2026/05/29 12:0 a.m. | 12 views

RLSA-2026:20611 Important: gnutls security update

Please update the gnutls packages to provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Add more checks to DTLS reassembly (CVE-2026-33846); gnutls: Fix qsort comparator in DTLS reassemb...

CVSS 8.2 | AI score 5.8 | EPSS 0.01335
Exploits: 1 | References: 12

Tenable Nessus
added 2026/05/29 12:0 a.m. | 8 views

RockyLinux 8 : gnutls (RLSA-2026:20611)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20611 advisory. gnutls: Add more checks to DTLS reassembly (CVE-2026-33846); gnutls: Fix qsort comparator in DTLS reassembly (CVE-2026-42009); gnutls: Fix crashing on an...

CVSS 9.8 | AI score 5.8 | EPSS 0.01335
Exploits: 1 | References: 23

Tenable Nessus
added 2026/05/27 12:0 a.m. | 9 views

AlmaLinux 8 : gnutls (ALSA-2026:20611)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20611 advisory. gnutls: Add more checks to DTLS reassembly (CVE-2026-33846); gnutls: Fix qsort comparator in DTLS reassembly (CVE-2026-42009); gnutls: Fix crashing on an...

CVSS 9.8 | AI score 5.8 | EPSS 0.01335
Exploits: 1 | References: 13

Tenable Nessus
added 2026/05/26 12:0 a.m. | 17 views

Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2026-1757)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1757 advisory. GnuTLS didn't check that DTLS fragments claimed a consistent messagelength value. Additionally, a crucial array size check was missing, enabling an attacker to cause a heap overwrite...

CVSS 9.8 | AI score 5.8 | EPSS 0.01335
Exploits: 1 | References: 16

AlmaLinux
added 2026/05/26 12:0 a.m. | 18 views

Important: gnutls security update

Please update the gnutls packages to provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Add more checks to DTLS reassembly (CVE-2026-33846); gnutls: Fix qsort comparator in DTLS reassemb...

CVSS 9.8 | AI score 5.8 | EPSS 0.01335
Exploits: 1 | References: 19

Snyk
added 2026/05/18 3:48 p.m. | 5 views

Undefined Behavior for Input to API

Overview: Affected versions of this package are vulnerable to Undefined Behavior for Input to API in the comparator function responsible for ordering Datagram Transport Layer Security (DTLS) packets by sequence numbers. An attacker can cause unstable packet ordering or undefined behavior by sending...

CVSS 8.7 | AI score 5.8 | EPSS 0.01335
Exploits: 0 | References: 2

HackerOne
added 2026/05/13 9:54 p.m. | 260 views

curl: Credentials forwarded to HTTP after HTTPS→HTTP same-port redirect — url_set_data_creds uses scheme-blind comparator

Hi all, The recent creds: hold credentials refactor — commit 8f71d0fde5 2026-05-11 https://github.com/curl/curl/commit/8f71d0fde5 — introduced a credential-leak regression on HTTPS→HTTP same-port redirects. -u user:pass and --oauth2-bearer both end up in cleartext after a 302 from https://h:N/ to...

CVSS 5.7 | AI score 6.7 | EPSS 0.01595
Exploits: 2

CNNVD
added 2026/03/27 12:0 a.m. | 7 views

Notesnook code injection vulnerability

Notesnook is an end-to-end encrypted note application developed by Streetwriters. Versions of Notesnook Web/Desktop prior to 3.3.11 contained a code injection vulnerability. This vulnerability originated from a stored cross-site scripting vulnerability in the note history comparator, which could...

CVSS 8.6 | AI score 6.3 | EPSS 0.00345
Exploits: 1 | References: 2

Cvelist
added 2026/02/27 7:49 p.m. | 18 views

CVE-2026-27832 Group-Office Has Authenticated SQL Injection in advancedQueryData.comparator

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) vulnerability, exploitable through the advancedQueryData parameter (comparator field) on an authenticated endpoint. The endpoint...

CVSS 7.1 | EPSS 0.00244
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/27 7:49 p.m. | 4 views

CVE-2026-27832 Group-Office Has Authenticated SQL Injection in advancedQueryData.comparator

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) vulnerability, exploitable through the advancedQueryData parameter (comparator field) on an authenticated endpoint. The endpoint...

CVSS 7.1 | AI score 6 | EPSS 0.00244
Exploits: 0 | References: 1

OSV
added 2026/02/27 7:49 p.m. | 4 views

CVE-2026-27832 Group-Office Has Authenticated SQL Injection in advancedQueryData.comparator

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) vulnerability, exploitable through the advancedQueryData parameter (comparator field) on an authenticated endpoint. The endpoint...

CVSS 7.1 | AI score 6 | EPSS 0.00244
Exploits: 0 | References: 3

CVE
added 2026/02/27 7:49 p.m. | 12 views

CVE-2026-27832

Group-Office (enterprise CRM/groupware) is affected by an authenticated SQL Injection in the advancedQueryData parameter (comparator) on index.php?r=email/template/emailSelection. Versions before the fixes in 26.0.8, 25.0.87, and 6.8.153 process advancedQueryData with a weak allowlist, enabling blind boolean...

CVSS 8.8 | AI score 6 | EPSS 0.00244
Exploits: 0 | References: 1 | Affected Software: 1

Microsoft CVE
added 2025/11/19 1:2 a.m. | 9 views

mruby array.c sort_cmp use after free

...

CVSS 5.5 | AI score 7 | EPSS 0.00126
Exploits: 0

EUVD
added 2025/10/06 4:7 p.m. | 7 views

EUVD-2025-32546

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to version 1.0.0, infinite recursion can occur if a user queries a bucket using the != comparator. This will result in PHP's call stack limit exceeding, and/or increased memory consumption, potentially leadin...

CVSS 6.5 | AI score 6.3 | EPSS 0.00343
Exploits: 0 | References: 3