Lucene search
K

1681 matches found

RedHat Linux
RedHat Linux
added 2026/06/23 6:42 p.m.6 views

openCryptoki: openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects

A flaw was found in openCryptoki, a PKCS11 Cryptographic Token Interface Standard library. The BER/DER Basic Encoding Rules/Distinguished Encoding Rules decoding functions in the shared common library do not properly validate attacker-controlled length fields against actual buffer boundaries. Thi...

6.8CVSS6AI score0.0016EPSS
Exploits1References6
CVE
CVE
added 2026/06/22 4:58 p.m.31 views

CVE-2026-53540

Python-Multipart vulnerability CVE-2026-53540 affects the parse_form function in versions prior to 0.0.31. A negative Content-Length could cause a bounded read to become unbounded, loading the entire request body into memory and potentially exhausting memory. The issue is fixed in 0.0.31; remedia...

3.7CVSS5.8AI score0.00217EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/15 7:10 p.m.21 views

CVE-2026-52719

GStreamer: out-of-bounds read in the VA JPEG decoder of gst-plugins-bad (CVE-2026-52719). The JPEG parser reads a segment length without validating against available data, enabling a remote attacker to craft a JPEG that, when opened by a user, may cause parsing to read beyond the input buffer, po...

7.1CVSS5.4AI score0.0028EPSS
Exploits0References5
OSV
OSV
added 2026/06/15 11:47 a.m.2 views

OPENSUSE-SU-2026:20967-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses bsc1261214. - CVE-2025-66037: crafted input can cause an out-of-bounds read bsc1261218. - CVE-2025-66038: improper compact-TLV length validation can lead to...

6.8CVSS5.9AI score0.00282EPSS
Exploits2References8
OSV
OSV
added 2026/06/15 11:42 a.m.3 views

SUSE-SU-2026:22114-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses bsc1261214. - CVE-2025-66037: crafted input can cause an out-of-bounds read bsc1261218. - CVE-2025-66038: improper compact-TLV length validation can lead to...

6.8CVSS5.2AI score0.00282EPSS
Exploits2References9
OSV
OSV
added 2026/06/15 11:42 a.m.2 views

SUSE-SU-2026:22126-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses bsc1261214. - CVE-2025-66037: crafted input can cause an out-of-bounds read bsc1261218. - CVE-2025-66038: improper compact-TLV length validation can lead to...

6.8CVSS5.3AI score0.00282EPSS
Exploits2References9
RedHat Linux
RedHat Linux
added 2026/06/15 2:9 a.m.11 views

gimp: GIMP: Remote Code Execution via PSP file parsing

A flaw was found in GIMP. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PSP PaintShop Pro file. This flaw is caused by a heap-based buffer overflow, where the application does not properly validate the length of user-supplied data. Successful...

7.8CVSS6.4AI score0.00651EPSS
Exploits0References6
OSV
OSV
added 2026/06/12 12:25 p.m.8 views

OESA-2026-2626 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

6.9CVSS5.3AI score0.00317EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:28 a.m.12 views

SUSE CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9CVSS5.4AI score0.00317EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

kafka-python 安全漏洞

Kafka-Python is a distributed stream processing engine client library written entirely in Python by Dana Powers. Versions of Kafka-Python prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of boundary validation for the 4-byte frame length value in the...

8.7CVSS5.3AI score0.00348EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.14 views

EUVD-2026-35478

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

5.4AI score0.00237EPSS
Exploits0References7
OSV
OSV
added 2026/06/09 5:17 p.m.9 views

ALPINE-CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

9.1CVSS5.4AI score0.00237EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 8:17 p.m.14 views

ALPINE-CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9CVSS5.5AI score0.00317EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 7:29 p.m.11 views

CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9CVSS5.4AI score0.00317EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.17 views

CVE-2026-5066

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem subsys/net/lib/sockets/socketstls.c. When the TLS session cache is enabled, tlssessionstore and tlssessionrestore memcpy the caller-supplied address into a fixed-size buffer using the...

8.8CVSS6AI score0.00217EPSS
Exploits1References1
PyPA
PyPA
added 2026/06/05 11:16 p.m.6 views

PYSEC-0000-CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS5.2AI score0.00408EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.14 views

CVE-2026-3868

An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buff...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References1
Slackware Linux
Slackware Linux
added 2026/06/02 3:8 a.m.19 views

[slackware-security] kernel

New kernel packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/linux-5.15.209/kernel-generic-5.15.209-i586-1.txz: Upgraded. This update fixes security issues: rxrpc: Fix missing validation of ticke...

9.8CVSS5.8AI score0.00514EPSS
Exploits0
CVE
CVE
added 2026/05/30 7:15 a.m.44 views

CVE-2026-5071

CVE-2026-5071 affects Zephyr RTOS SocketCAN. A NET_ASSERT-based length check in zcan_sendto_ctx() allows out-of-bounds reads in socketcan_to_can_frame() when an attacker controls the length passed to a sendto syscall and assertions are disabled in production builds. Consequences include denial-of...

7.8CVSS5.9AI score0.00108EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/29 1:34 p.m.22 views

OESA-2026-2492 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index...

9.8CVSS5.9AI score0.00554EPSS
Exploits0References16
Rows per page
Query Builder