Lucene search
K

2410 matches found

CVE
CVE
added 1 hour ago3 views

CVE-2026-15043

DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted = SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the ismatched method, = was evaluated using Perl's le operator...

6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-15041

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash...

3.7CVSS5.9AI score0.003EPSS
Exploits0References3
NVD
NVD
added last week10 views

CVE-2026-14969

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS0.00077EPSS
Exploits0References2
CVE
CVE
added last week9 views

CVE-2026-14969

The CVE-2026-14969 entry concerns 389-ds-base. The LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC, enabling a privileged attacker with filesystem access to detect plaintext equality across encrypted entries by ciphertext block comparison. ...

4.4CVSS5.9AI score0.00077EPSS
Exploits0References2Affected Software3
RedhatCVE
RedhatCVE
added last week4 views

CVE-2026-14969

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS5.9AI score0.00077EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/07/07 12:0 a.m.4 views

Security update for perl-Crypt-SaltedHash (critical)

openSUSE Security Update: Security update for perl-Crypt-SaltedHash Announcement ID: openSUSE-SU-2026:0230-1 Rating: critical References: 1265912 1265927 Cross-References: CVE-2026-47372 CVE-2026-47373 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes two vulnerabilities is no...

9.1CVSS5.9AI score0.00397EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56200

Name of the Vulnerable Software and Affected Versions 389-ds-base affected versions not specified Description A flaw exists in the LDBM backend attribute encryption where a hardcoded static initialization vector is used for AES-CBC and 3DES-CBC operations. This allows an attacker with privileged...

4.4CVSS6.1AI score0.00077EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/06 7:55 p.m.6 views

EUVD-2026-25017

kill: 'kill -1' parsed as PID -1, sending SIGTERM to all processes system crash / DoS...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/05 10:23 p.m.30 views

CVE-2026-10657 Out-of-bounds read in Zephyr DNS resolver mDNS suffix check (memcmp past string NUL)

Zephyr's DNS resolver detects mDNS .local queries in dnsresolvenameinternal subsys/net/lib/dns/resolve.c with memcmpstrrchrquery, '.', ".local", 7, which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes e.g. names ending in .or...

3.7CVSS0.00243EPSS
Exploits1References2
OSV
OSV
added 2026/07/05 1:21 a.m.4 views

UBUNTU-CVE-2026-14686

A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack i...

4.8CVSS5.5AI score0.0024EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/05 12:30 a.m.38 views

CVE-2026-14687 666ghj BettaFish InsightEngine search-result Deduplication agent.py _deduplicate_results partial string comparison

A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function deduplicateresults of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched...

6.9CVSS0.00332EPSS
Exploits0References7
CVE
CVE
added 2026/07/05 12:30 a.m.14 views

CVE-2026-14687

Affected software: 666ghj BettaFish (≤1.2.1). Vulnerable component: InsightEngine search-result Deduplication, specifically function _deduplicate_results in InsightEngine/agent.py. Root cause: manipulation can cause partial string comparison. Impact: remote exploitation possible. Publicly disclos...

6.9CVSS5.8AI score0.00332EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.11 views

PT-2026-55744

Name of the Vulnerable Software and Affected Versions HdrHistogram versions prior to 2.2.3 Description A range check issue exists in the recordValue function within the org.HdrHistogram.DoubleHistogram class. A manipulation of this function leads to an incorrect comparison. This issue requires...

4.8CVSS5.8AI score0.0024EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.10 views

PT-2026-55829

Name of the Vulnerable Software and Affected Versions Zephyr versions 1.10.0 through 3.7.0 Description The DNS resolver contains a flaw in the dns resolve name internal function within subsys/net/lib/dns/resolve.c when CONFIG MDNS RESOLVER is enabled. The system uses memcmp to detect mDNS .local...

3.7CVSS6AI score0.00243EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/30 8:23 p.m.36 views

CVE-2026-9132 Missing authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository contents via the Copilot pull request diff summary endpoint

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoint accepted a cross-repository comparison range an...

6CVSS0.00257EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/29 12:26 p.m.4 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.8AI score0.00558EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/29 8:39 a.m.7 views

CVE-2026-53309

A flaw was found in the Linux kernel's OCFS2 Distributed Lock Manager DLM component. An off-by-one error in the dlmmatchregions function's region comparison loop causes it to read beyond the valid memory range of qrregions. This out-of-bounds read could lead to system instability or crashes...

9.8CVSS5.8AI score0.00404EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/28 1:8 a.m.10 views

SUSE CVE-2026-53309

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlmmatchregions region comparison The local-vs-remote region comparison loop uses '=' instead of '', causing it to read one entry past the valid range of qrregions. The other loops in the same functio...

9.8CVSS5.8AI score0.00404EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53309

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ocfs2/dlm: fix off-by-one in dlmmatchregions region comparison The local-vs-remote region comparison loop uses '=' instead of '', causing it to read one entry...

9.8CVSS6AI score0.00404EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 8:17 p.m.11 views

DEBIAN-CVE-2026-53309

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlmmatchregions region comparison The local-vs-remote region comparison loop uses '=' instead of '', causing it to read one entry past the valid range of qrregions. The other loops in the same functio...

9.8CVSS5.7AI score0.00404EPSS
Exploits0References1
Rows per page
Query Builder