Lucene search
K

812 matches found

RedHat Linux
RedHat Linux
added yesterday4 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS5.9AI score0.00805EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/30 9:50 a.m.8 views

EUVD-2026-40279

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

6.1CVSS5.7AI score0.00563EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/29 8:19 a.m.5 views

CVE-2026-53292

A flaw was found in the Linux kernel's phonet networking subsystem. A local user could trigger a kernel panic by sending a specially crafted message, leading to a denial of service. This occurs because the pnsocketautobind function incorrectly assumes a socket is already bound when pnsocketbind...

5.5CVSS5.7AI score0.00155EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 6:18 p.m.5 views

CVE-2026-52958

A flaw was found in the Linux kernel's libceph component. This vulnerability, located within the osdmapdecode function, can lead to an out-of-bounds memory access. A remote attacker could exploit this by sending a specially crafted and corrupted osdmap message, where the maxosd value exceeds the...

9.1CVSS5.9AI score0.00544EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.5 views

Oracle Linux 9 : dovecot (ELSA-2026-19364)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19364 advisory. - fix CVE-2026-27858: denial of service via crafted message before authentication RHEL-161640 - fix CVE-2025-59032: ManageSieve: Denial of Service via...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

An attacker could have sent a message to the parent process, with the contents being used to index into a JavaScript object twice. This would lead to prototype pollution, and ultimately, attacker-controlled JavaScript would execute in the privileged parent process. This vulnerability affects...

8.8CVSS7.5AI score0.17103EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.67 views

PT-2026-50891

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An unchecked enum cast issue exists in the BeginSidebandStream function. An attacker can trigger invalid enum states and undefined behavior by supplying a specially crafted message containing...

7.1CVSS5.9AI score0.00254EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/17 12:10 p.m.8 views

dovecot: denial of service via crafted message before authentication

A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...

7.5CVSS5.4AI score0.0079EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.16 views

Amazon Linux 2 : bind, --advisory ALAS2-2026-3321 (ALAS-2026-3321)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3321 advisory. Fix GSS-API resource leak CVE-2026-3039 An unauthenticated remote attacker can crash any affected named instance with a...

7.5CVSS5.6AI score0.0181EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.13 views

CVE-2026-25658

Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Missing Values CWE-230 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers...

7.1CVSS5.4AI score0.00165EPSS
Exploits0References1
OSV
OSV
added 2026/06/03 4:16 p.m.9 views

DEBIAN-CVE-2026-37462

An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS5.5AI score0.00279EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/02 11:20 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the lwssshparseplaintext function. An attacker can exhaust system resources by sending specially crafted messages with manipulated msglen arguments remotely. Remediation There is ...

6.9CVSS5.9AI score0.00429EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/01 5:56 p.m.16 views

Eclipse Open9J: Denial of Service in JITServer via crafted TCP message

A flaw was found in Eclipse Open9J and JITServer. A remote attacker, without needing to authenticate, can send a specially crafted 32-byte TCP message to JITServer. This action can cause JITServer to crash, leading to a Denial of Service DoS for affected systems...

8.7CVSS5.8AI score0.00517EPSS
Exploits1References6
OSV
OSV
added 2026/05/28 3:43 p.m.13 views

RLSA-2026:19364 Important: dovecot security update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2026/05/27 2:52 a.m.10 views

SUSE CVE-2026-6918

In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message...

8.7CVSS5.8AI score0.00517EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.16 views

CVE-2026-9490

A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message message type 0x03 to the pipe, causing the service ...

6.8CVSS5.8AI score0.00173EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: libupnp (UTSA-2026-016655)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016655 advisory. Portable UPnP SDK aka libupnp 1.12.1 and earlier allows remote attackers to cause a denial of service crash via a crafted SSDP message due to a NULL pointer...

7.5CVSS7.1AI score0.03469EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libmodbus

It was discovered that libmodbus v3.1.6 contains a use-after-free issue related to the ctx-backend pointer. This vulnerability allows attackers to cause a Denial of Service DoS attack by sending a crafted message to the unit-test-server...

7.5CVSS7.1AI score0.00606EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/20 2:1 a.m.11 views

dovecot: denial of service via crafted message before authentication

A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...

7.5CVSS5.8AI score0.0079EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/19 9:57 p.m.11 views

dovecot: denial of service via crafted message before authentication

A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...

7.5CVSS5.8AI score0.0079EPSS
Exploits0References5
Rows per page
Query Builder