Lucene search
+L

194 matches found

Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-44434 Quicly is vulnerable to stateless reset injection

Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit dccf5d4, Quicly was vulnerable to stateless reset injection through lack of packet entry validation. The QUIC protocol is designed to withstand packet injection attacks, once the...

5.3CVSS0.00147EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 1:32 p.m.24 views

CVE-2026-53339

CVE-2026-53339 affects the Linux kernel i2c-qcom-cci driver. On Qualcomm CCI with two I2C masters, if only one is initialized, device unbinding/removal can dereference NULL because cci_halt() runs for both masters while completion exists only for the active one, leading to a NULL pointer derefere...

5.8AI score0.00164EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.14 views

CVE-2026-5446

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wcAriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...

7.1CVSS5.4AI score0.00264EPSS
Exploits0References1
OSV
OSV
added 2026/06/03 3:30 p.m.3 views

GHSA-MM6V-Q8Q9-PGCF Django fails to prevent reuse of a partially-initialized connection after a failed `STARTTLS` handshake

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS6AI score0.0015EPSS
Exploits0References6
OSV
OSV
added 2026/06/03 2:16 p.m.11 views

PYSEC-2026-200

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

2.3CVSS5.3AI score0.0015EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.19 views

PT-2026-45948

Name of the Vulnerable Software and Affected Versions Django versions prior to 6.0.6 Django versions prior to 5.2.15 Description An issue exists in django.core.mail.backends.smtp.EmailBackend where the system fails to prevent the reuse of a partially-initialized connection following a failed...

6.5CVSS5.4AI score0.02388EPSS
Exploits0References135
RedhatCVE
RedhatCVE
added 2026/05/28 8:12 p.m.12 views

CVE-2026-40034

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.50 views

CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...

7.8CVSS0.00114EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/28 9:36 a.m.11 views

EUVD-2026-32808

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...

5.8AI score0.00114EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from issues with the pkvminitvcpu function in KVM arm64. These issues involve pin leakage and ordering...

5.8AI score0.00126EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed another slab-out-of-bounds issue in fib6nhflushexceptions While running the self-tests on a KASAN-enabled kernel, I observed a slab-out-of-bounds issue that was very similar to the one reported in commit 821bbf79fe46...

7.1CVSS6.3AI score0.00247EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cpumap: The xdprxqinfo structure is not initialized to zero before running the XDP program. When running an XDP program that is associated with a cpumap entry, we do not initialize the xdprxqinfo data structure, which is used in...

5.5CVSS5.9AI score0.00223EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 10:2 a.m.9 views

CLSA-2026-1778493745 opensc: Fix of 5 CVEs

CVE-2024-45615: initialize uninitialized variables passed as arguments - CVE-2024-45616: fix insufficient control of APDU response buffer length - CVE-2024-45617: check return values to avoid uninitialized variable use - CVE-2024-45618: check return values in pkcs15-init to avoid uninitialized...

3.9CVSS6.2AI score0.00355EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 3:31 p.m.28 views

EUVD-2026-28701

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xesyncentryparse can allocate references syncobj, fence, chain fence, or user fence before hitting a later failure path. Several of those paths returned directly,...

5.8AI score0.00122EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:21 p.m.7 views

CVE-2026-43408

In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following cephmdscfreepathinfo may crash. Example crash on Linux 6.18.12:...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-39069

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Ceph component of the Linux kernel where the ceph mdsc build path function is called without a zero-initialized ceph path info parameter. Because ceph mdsc build pat...

7.8CVSS7.2AI score0.00149EPSS
Exploits0References50
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.9 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ndiscrauseropt function failing to initialize the padding field in the nduseroptmsg structure, resulting...

7.1CVSS5.8AI score0.00122EPSS
Exploits0References1
OSV
OSV
added 2026/04/29 1:21 p.m.6 views

JLSEC-2026-310

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Znbitdecompressonebyte in H5Znbit.c, caused by the earlier use of an initialized pointer...

9.8CVSS8.6AI score0.01101EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/09 9:31 p.m.6 views

EUVD-2026-21180

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wcAriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...

6CVSS5.9AI score0.00264EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/25 6:56 p.m.6 views

CVE-2026-23353

A flaw was found in the Linux kernel's ice network driver. When a local user performs an ethtool offline loopback test, the system can experience a kernel null pointer dereference. This occurs because the libeth library for the receive ring is not properly initialized. Successful exploitation of...

5.5CVSS5.7AI score0.00112EPSS
Exploits0References4
Rows per page
Query Builder