2385 matches found

Cvelist
added 4 days ago, 34 views

CVE-2026-9132 Missing authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository contents via the Copilot pull request diff summary endpoint

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoint accepted a cross-repository comparison range an...

CVSS 6, EPSS 0.00257
Exploits 0, References 4

RedHat Linux
added 5 days ago, 4 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

CVSS 8.2, AI score 5.8, EPSS 0.00558
Exploits 0, References 5

RedhatCVE
added 5 days ago, 6 views

CVE-2026-53309

A flaw was found in the Linux kernel's OCFS2 Distributed Lock Manager (DLM) component. An off-by-one error in the dlm_match_regions function's region comparison loop causes it to read beyond the valid memory range of qr_regions. This out-of-bounds read could lead to system instability or crashes...

CVSS 9.8, AI score 5.8, EPSS 0.00404
Exploits 0, References 4

SUSE CVE
added 6 days ago, 7 views

SUSE CVE-2026-53309

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison The local-vs-remote region comparison loop uses '<=' instead of '<', causing it to read one entry past the valid range of qr_regions. The other loops in the same functio...

CVSS 9.8, AI score 5.8, EPSS 0.00404
Exploits 0, References 2

Tenable Nessus
added 6 days ago, 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53309

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison The local-vs-remote region comparison loop uses '<=' instead of '<', causing it to read one entry...

CVSS 9.8, AI score 5.8, EPSS 0.00404
Exploits 0, References 3

OSV
added 2026/06/26 8:17 p.m., 4 views

DEBIAN-CVE-2026-53309

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison The local-vs-remote region comparison loop uses '<=' instead of '<', causing it to read one entry past the valid range of qr_regions. The other loops in the same functio...

CVSS 9.8, AI score 5.7, EPSS 0.00404
Exploits 0, References 1

NVD
added 2026/06/26 8:17 p.m., 8 views

CVE-2026-53309

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison The local-vs-remote region comparison loop uses '<=' instead of '<', causing it to read one entry past the valid range of qr_regions. The other loops in the same functio...

CVSS 9.8, EPSS 0.00404
Exploits 0, References 8

EUVD
added 2026/06/26 7:41 p.m., 7 views

EUVD-2026-39844

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison The local-vs-remote region comparison loop uses '<=' instead of '<', causing it to read one entry past the valid range of qr_regions. The other loops in the same functio...

AI score 5.8, EPSS 0.00404
Exploits 0, References 8

Cvelist
added 2026/06/26 7:41 p.m., 27 views

CVE-2026-53309 ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison The local-vs-remote region comparison loop uses '<=' instead of '<', causing it to read one entry past the valid range of qr_regions. The other loops in the same functio...

CVSS 9.8, EPSS 0.00404
Exploits 0, References 8

Debian CVE
added 2026/06/26 7:41 p.m., 5 views

CVE-2026-53309

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison The local-vs-remote region comparison loop uses '<=' instead of '<', causing it to read one entry past the valid range of qr_regions. The other loops in the same functio...

CVSS 9.8, AI score 5.7, EPSS 0.00404
Exploits 0

ATTACKERKB
added 2026/06/26 7:41 p.m., 7 views

CVE-2026-53309

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison The local-vs-remote region comparison loop uses '<=' instead of '<', causing it to read one entry past the valid range of qr_regions. The other loops in the same functio...

CVSS 9.8, AI score 5.7, EPSS 0.00404
Exploits 0, References 9, Affected Software 1

CVE
added 2026/06/26 7:41 p.m., 27 views

CVE-2026-53309

CVE-2026-53309 relates to the Linux kernel OCFS2 DLM component. A bug in the dlm_match_regions() region comparison used a <= bound, allowing reads beyond the valid range of qr_regions. The fix modifies the loop condition to use

CVSS 9.8, AI score 5.8, EPSS 0.00404
Exploits 0, References 8

EUVD
added 2026/06/26 12:32 a.m., 6 views

EUVD-2026-39570

The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...

CVSS 6.3, AI score 5.9, EPSS 0.0013
Exploits 0, References 3

OSV
added 2026/06/25 10:17 p.m., 2 views

DEBIAN-CVE-2026-6330

The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...

CVSS 6.5, AI score 5.8, EPSS 0.0013
Exploits 0, References 1

NVD
added 2026/06/25 10:17 p.m., 7 views

CVE-2026-6330

The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...

CVSS 6.5, EPSS 0.0013
Exploits 0, References 2

Cvelist
added 2026/06/25 9:2 p.m., 26 views

CVE-2026-6329 PKCS#12 MAC verification uses attacker-controlled comparison length

PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...

CVSS 6, EPSS 0.0016
Exploits 0, References 2

Cvelist
added 2026/06/25 9:1 p.m., 22 views

CVE-2026-6330 ML-KEM ARM64 NEON ciphertext comparison only compares half of the input

The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...

CVSS 6.3, EPSS 0.0013
Exploits 0, References 2

NVD
added 2026/06/25 8:17 p.m., 5 views

CVE-2026-10097

wolfSSL's AVX2-optimized ML-KEM implementation mlkemcmpavx2 compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and...

CVSS 8.3, EPSS 0.00161
Exploits 0, References 2

EUVD
added 2026/06/25 7:59 p.m., 4 views

EUVD-2026-39553

ML-KEM-1024 x64 AVX2 implicit rejection failure in the Fujisaki-Okamoto transform breaks IND-CCA2 security, allowing decapsulation to deviate from the implicit-rejection behavior required by the standard. The AVX2 constant-time ciphertext comparison used during decapsulation never compared the...

CVSS 6.3, AI score 5.9, EPSS 0.00161
Exploits 0, References 2

Cvelist
added 2026/06/25 7:59 p.m., 31 views

CVE-2026-10097 ML-KEM-1024 x64 AVX2 incomplete cipher text comparison enables IND-CCA2 break and static private-key recovery

wolfSSL's AVX2-optimized ML-KEM implementation mlkemcmpavx2 compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and...

CVSS 8.3, EPSS 0.00161
Exploits 0, References 2