Lucene search
K

17101 matches found

Cvelist
Cvelist
added yesterday13 views

CVE-2026-15520 GNU LibreDWG R2004 Section Decompression decode.c decompress_R2004_section heap-based overflow

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompressR2004section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The explo...

5.3CVSS0.00136EPSS
Exploits0References10
CVE
CVE
added yesterday11 views

CVE-2026-15520

GNU LibreDWG 0.13.4-154-g0b573035 contains a vulnerability in the function decompress_R2004_section (src/decode.c) that can cause a heap-based buffer overflow . Exploitation requires local access and has been publicly disclosed. The issue affects the R2004 Section Decompression component and is a...

5.3CVSS6.1AI score0.00136EPSS
Exploits0References10
Fedora
Fedora
added 2 days ago7 views

[SECURITY] Fedora 43 Update: tmux-3.7b-3.fc43

tmux is a "terminal multiplexer." It enables a number of terminals or windows to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen...

4.5CVSS6.1AI score0.00124EPSS
Exploits0
NVD
NVD
added 4 days ago8 views

CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

5.9CVSS0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-15146 CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

0.00121EPSS
Exploits0References2
CVE
CVE
added 4 days ago17 views

CVE-2026-15146

GNU Wget is vulnerable in FTP passive mode due to not validating the IP address in the PASV response, enabling potential SSRF to localhost/internal resources via a malicious FTP/redirected HTTP server. The issue is addressed in the 4f85853f... commit, which validates the PASV address against the ...

5.9CVSS6.2AI score0.00121EPSS
Exploits0References3
Fedora
Fedora
added 4 days ago6 views

[SECURITY] Fedora 43 Update: tmux-3.7-3.fc43

tmux is a "terminal multiplexer." It enables a number of terminals or windows to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen...

4.5CVSS5.9AI score0.00124EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-56288

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file...

5.5CVSS6.1AI score0.00125EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-56289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A...

5.5CVSS6.1AI score0.00125EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago9 views

glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...

9.8CVSS6.1AI score0.00451EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 5 days ago6 views

Moderate: Red Hat Security Advisory: compat-glibc security update

An update for compat-glibc is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

9.8CVSS6AI score0.00451EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-58471

A flaw was found in GNU Wget. A remote attacker can exploit a heap buffer overflow vulnerability in the convertfname function. This occurs when processing a server-supplied filename that requires character set conversion, leading to memory corruption due to incorrect buffer reallocation. This can...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References5
NVD
NVD
added 5 days ago10 views

CVE-2026-15182

A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwgbmp of the file src/dwg.c of the component BMP Image Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the...

5.3CVSS0.00133EPSS
Exploits0References10
CVE
CVE
added 5 days ago12 views

CVE-2026-15184

CVE-2026-15184 affects GNU LibreDWG up to 0.13.4. The vulnerable element is the function dwg_next_entity in src/dwg.c of the DWG File Handler. Manipulating the argument next_obj can cause a null pointer dereference . The attack must come from a local position and an exploit has been made public. ...

4.8CVSS5.5AI score0.00118EPSS
Exploits0References9
CVE
CVE
added 5 days ago17 views

CVE-2026-15182

GNU LibreDWG prior to 0.14 is affected by a heap-based overflow in the BMP Image Handler (dwg_bmp in src/dwg.c). Local exploitation is possible; the vulnerability can be triggered through the BMP image handling pathway, with an exploit disclosed publicly. Upgrading to version 0.14 resolves the is...

5.3CVSS5.9AI score0.00133EPSS
Exploits0References10
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-42580

A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwgbmp of the file src/dwg.c of the component BMP Image Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the...

5.3CVSS5.9AI score0.00133EPSS
Exploits0References10
NVD
NVD
added 5 days ago7 views

CVE-2026-56289

GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...

5.5CVSS0.00125EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago39 views

CVE-2026-56289 Loop with Unreachable Exit Condition in GNU patch

GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...

4.6CVSS0.00125EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42557

GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...

4.6CVSS5.9AI score0.00125EPSS
Exploits0References3
Debian CVE
Debian CVE
added 5 days ago4 views

CVE-2026-56289

GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...

5.5CVSS5.9AI score0.00125EPSS
Exploits0
Rows per page
Query Builder