Lucene search
K

15 matches found

NVD
NVD
added 2026/06/24 5:17 p.m.5 views

CVE-2026-52992

In the Linux kernel, the following vulnerability has been resolved: fs/adfs: validate nzones in adfsvalidatebblk Reject ADFS disc records with a zero zone count during boot block validation, before the disc record is used. When nzones is 0, adfsreadmap passes it to kmallocarray0, ... which return...

7.8CVSS0.00138EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/04/10 11:25 p.m.10 views

SUSE CVE-2026-39395

Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...

6.5CVSS5.8AI score0.00241EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/08 12:15 a.m.7 views

EUVD-2026-19919

Cosign's verify-blob-attestation reports false positive when payload parsing fails...

4.3CVSS5.9AI score0.00241EPSS
Exploits0References2
OSV
OSV
added 2026/04/08 12:15 a.m.3 views

GHSA-W6C6-C85G-MMV6 Cosign's verify-blob-attestation reports false positive when payload parsing fails

Description cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures, this was due to a logic flaw in the error handling of the predicate type validation. For...

4.3CVSS5.8AI score0.00241EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/07 8:16 p.m.16 views

CVE-2026-39395

Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...

5.3CVSS6AI score0.00241EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 8:6 p.m.6 views

CVE-2026-39395

Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...

4.3CVSS6AI score0.00241EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/07 8:6 p.m.20 views

CVE-2026-39395 Cosign's verify-blob-attestation reports false positive when payload parsing fails

Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...

4.3CVSS0.00241EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/07 8:6 p.m.9 views

CVE-2026-39395

Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...

5.3CVSS5.5AI score0.00241EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.6 views

PT-2026-31065

Name of the Vulnerable Software and Affected Versions tar.Reader affected versions not specified Description tar.Reader can allocate an unbounded amount of memory when processing a specially crafted archive containing numerous sparse regions encoded using the "old GNU sparse map" format. This can...

5.5CVSS5.8AI score0.0029EPSS
Exploits0References462
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.3 views

TencentOS Server 3: tar (TSSA-2023:0096)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0096 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

5.5CVSS6.7AI score0.04524EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.6 views

SUSE CVE-2007-2452

Heap-based buffer overflow in the visitoldformat function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036...

6CVSS8.4AI score0.02225EPSS
Exploits0References3
CNVD
CNVD
added 2015/11/29 12:0 a.m.5 views

dpkg stack buffer overflow vulnerability

dpkg is a package management system developed specifically for "Debian" to facilitate the installation, update and removal of software. A stack buffer overflow vulnerability exists in the dpkg-deb component of dpkg, which allows an attacker to construct a Debian binary package in an old format th...

7.5CVSS10AI score0.05035EPSS
Exploits0References1
OSV
OSV
added 2007/06/04 4:30 p.m.16 views

CVE-2007-2452

Heap-based buffer overflow in the visitoldformat function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036...

7.9AI score
Exploits0References12
Debian CVE
Debian CVE
added 2007/06/04 4:0 p.m.46 views

CVE-2007-2452

Heap-based buffer overflow in the visitoldformat function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036...

6CVSS7.6AI score0.02225EPSS
Exploits0
securityvulns
securityvulns
added 2007/06/01 12:0 a.m.32 views

GNU findutils locate buffer overflow

Heap buffer overflow on parsing old-format locate database...

6CVSS3.2AI score0.02225EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder