CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

UbuntuCve•added 2026/05/20 7:16 a.m.•7 views

CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...

UbuntuCve•added 2026/05/20 7:16 a.m.•5 views

Exploits0References4

CVE-2026-47783

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by saslserveruserdbcheckpass...

8.1CVSS5.8AI score0.01143EPSS

Exploits0References4

OSV•added 2026/05/20 7:16 a.m.•6 views

UBUNTU-CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...

Exploits0References5

7CVSS7.3AI score0.00827EPSS

Astra Linux – Vulnerability in rpm

A flaw was discovered in RPM’s signature check functionality when reading a package file. This flaw allows an attacker who can persuade a victim to install a seemingly verifiable package, whose signature header was modified, to cause corruption of the RPM database and execute malicious code. The...

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux

The Linux kernel up to version 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database also known as dbx protection mechanism. This issue affects the certs/blacklist.c and certs/systemkeyring.c files...

6.9CVSS6.7AI score0.00522EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•12 views

Astra Linux - уязвимость в h2database

The H2 Console before version 2.1.210 allowed remote attackers to execute arbitrary code through a jdbc:h2:mem JDBC URL that contained the IGNOREUNKNOWNSETTINGS=TRUE;FORBID CREATION=FALSE;INIT=RUNSCRIPT substring. This is a different vulnerability than CVE-2021-42392. source-iocs-preserved...

10CVSS7.6AI score0.64766EPSS

Exploits4References1

5.5CVSS5.5AI score0.00298EPSS

Astra Linux - уязвимость в gpac

A vulnerability has been discovered in GPAC 2.5-DEV-rev228-g11067ea92-master. This vulnerability affects the xmtnodeend function in the src/scenemanager/loaderxmt.c file of the MP4Box component. The vulnerability allows for data to be accessed after it has been freed from memory, requiring local...

Exploits1References1

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в samba

In DCE/RPC, it is possible to share handles cookies for resource state between multiple connections through a mechanism called “association groups”. These handles can reference connections to our sam.ldb database. However, while the database is correctly shared, the user credentials are only...

8.8CVSS7.1AI score0.01843EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в bluez

A issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free condition can occur when a client disconnects during D-Bus processing of a WriteValue call...

9.1CVSS6.7AI score0.01544EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB version 10.5.9 allows an application crash in the findfieldintables and findorderinlist functions due to an unused common table expression CTE...

5.5CVSS6.8AI score0.00396EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•7 views

Astra Linux - уязвимость в chromium

Before version 102.0.5005.61, using the "after free" feature in Indexed DB in Google Chrome allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page...

9.6CVSS7.3AI score0.00862EPSS

8.8CVSS7.3AI score0.00452EPSS

Astra Linux - уязвимость в chromium

The use of “after free” in the Cart component in Google Chrome before version 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through database corruption and a crafted HTML page. Chromium security severity: Medium...

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в chromium

8.8CVSS7.3AI score0.00452EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в hsqldb1.8.0, hsqldb

A flaw was discovered in the Libreoffice package. An attacker can create an odb file that contains a “database/script” file with a SCRIPT command. The contents of this file can then be written into a new file, whose location is determined by the attacker...

5.5CVSS6.4AI score0.7436EPSS

Exploits0References1

3.3CVSS7AI score0.0045EPSS

Astra Linux - уязвимость в bluez

The clifeatreadcb function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading...

Exploits1References2

CVE•added 2026/05/20 5:45 a.m.•22 views

CVE-2026-47784

The CVE concerns memcached prior to 1.6.42, where SASL password data used for authentication is exposed to a timing side-channel via memcmp in sasl_server_userdb_checkpass. Affected versions are before 1.6.42; upgrading to 1.6.42 or later is the supported remediation per the release notes. The vu...

Exploits0References3Affected Software1

Debian CVE•added 2026/05/20 5:45 a.m.•7 views

CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...

Cvelist•added 2026/05/20 5:45 a.m.•39 views

Exploits0

CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...

8.1CVSS0.0055EPSS

Exploits0References3

Vulnrichment•added 2026/05/20 5:45 a.m.•4 views

CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...