Lucene search
K

1658 matches found

SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.13 views

SUSE CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

8.1CVSS6AI score0.0078EPSS
Exploits0References13
OSV
OSV
added 2026/05/21 1:24 p.m.10 views

CLSA-2026-1779369849 rsync: Fix of CVE-2026-43618

CVE-2026-43618: fix integer overflow in compressed-token decoder allowing remote memory disclosure via crafted compressed stream...

8.1CVSS5.9AI score0.0078EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 1:20 p.m.9 views

CLSA-2026-1779369649 rsync: Fix of CVE-2026-43618

CVE-2026-43618: fix integer overflow in compressed-token decoder allowing remote memory disclosure via crafted compressed stream...

8.1CVSS5.9AI score0.0078EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 1:20 p.m.10 views

CLSA-2026-1779369622 rsync: Fix of CVE-2026-43618

CVE-2026-43618: fix integer overflow in compressed-token decoder allowing remote memory disclosure via crafted compressed stream...

8.1CVSS5.9AI score0.0078EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 1:15 p.m.8 views

CLSA-2026-1779369352 Fix CVE(s): CVE-2026-43618

SECURITY UPDATE: integer overflow in compressed-token decoder - debian/patches/CVE-2026-43618.patch: cap rxtoken at MAXTOKENINDEX and reject over-long simplerecvtoken literal chunks to prevent remote memory disclosure via crafted compressed stream - CVE-2026-43618...

8.1CVSS5.9AI score0.0078EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 1:9 p.m.8 views

CLSA-2026-1779368965 Fix CVE(s): CVE-2026-43618

SECURITY UPDATE: integer overflow in compressed-token decoder - debian/patches/CVE-2026-43618.patch: cap rxtoken at MAXTOKENINDEX and reject over-long simplerecvtoken literal chunks to prevent remote memory disclosure via crafted compressed stream - CVE-2026-43618...

8.1CVSS5.9AI score0.0078EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/21 12:0 a.m.7 views

Security update for cpp-httplib (important)

openSUSE Security Update: Security update for cpp-httplib Announcement ID: openSUSE-SU-2026:0174-1 Rating: important References: 1255835 1256518 1259220 1259221 1259373 Cross-References: CVE-2026-21428 CVE-2026-22776 CVE-2026-28434 CVE-2026-28435 CVE-2026-29076 CVSS scores: CVE-2026-21428 SUSE: 8...

8.7CVSS5.8AI score0.00602EPSS
Exploits5References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid potential deadlocks. The function f2fstrylockop was used in f2fswritecompressedpages to prevent potential deadlocks, just as we did in f2fswritesingledatapage...

5.5CVSS5.3AI score0.0017EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in ntfs-3g

A properly crafted NTFS image can cause a heap-based buffer overflow in ntfscompressedpwrite in NTFS-3G 2021.8.22...

7.8CVSS6.9AI score0.00452EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not double-complete the bio on errors during compressed reads I encountered some strange panics while fixing the error handling in btrfslookupbiosums. It turns out that the compression process will complete the bio we u...

5.5CVSS5.9AI score0.00243EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in FontForge

Splinefont in FontForge, with a version number of 20230101, allows for command injection through crafted archives or compressed files...

6.5CVSS6.4AI score0.0187EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in unbound

Before version 1.9.5, Unbound allowed an infinite loop through a compressed name in dnamepktcopy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be exploited remotely or locally...

7.5CVSS6.9AI score0.01989EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in busybox

The decompressgunzip.c file in BusyBox contains an issue where version 1.32.1 improperly handles the error bit associated with the huftbuild result pointer. This results in an invalid free operation or segmentation fault due to malformed gzip data...

7.5CVSS6.8AI score0.02719EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in unbound

Before version 1.9.5, Unbound allowed assertion failures due to a compressed name in dnamepktcopy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be exploited remotely or locally...

7.5CVSS6.9AI score0.02128EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 3:42 a.m.9 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the compressed-token decoder process. An attacker can access sensitive memory contents, including environment variables, passwords, heap and stack data, and library memory pointers, by sending speciall...

8.1CVSS6AI score0.0078EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 2:16 a.m.7 views

DEBIAN-CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

8.1CVSS6AI score0.0078EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 2:16 a.m.10 views

ALPINE-CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

8.1CVSS6AI score0.0078EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 2:16 a.m.19 views

CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

8.1CVSS0.0078EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/05/20 12:50 a.m.58 views

CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

8.1CVSS0.0078EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/20 12:50 a.m.18 views

EUVD-2026-31011

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

8.1CVSS6AI score0.0078EPSS
Exploits0References3
Rows per page
Query Builder