
10 matches found

Cvelist
added 19 hours ago · 9 views

CVE-2026-14570 Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

Exploits 0 · References 3
EUVD
added 2026/05/19 7:22 p.m. · 15 views

EUVD-2026-30978

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8 CVSS · 5.8 AI score · 0.00514 EPSS
Exploits 1 · References 2
OSV
added 2026/05/19 7:16 p.m. · 7 views

ALPINE-CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor (m_last_sample = 0 + 0 - 1 = UINT32_MAX), mapping all samples to an empty...

6.5 CVSS · 5.2 AI score · 0.00301 EPSS
Exploits 1 · References 1
Positive Technologies
added 2026/05/19 12:0 a.m. · 18 views

PT-2026-41995

Name of the Vulnerable Software and Affected Versions: libheif versions prior to 1.22.0 Description: An unsigned integer underflow occurs in the Chunk constructor when processing a crafted HEIF sequence file containing samples per chunk=0 in the stsc box. This causes all samples to map to an empty...

8.8 CVSS · 5.8 AI score · 0.00514 EPSS
Exploits 3 · References 75
OSV
added 2026/04/16 10:16 p.m. · 4 views

ALPINE-CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

7.5 CVSS · 5.9 AI score · 0.00776 EPSS
Exploits 1 · References 1
Positive Technologies
added 2026/03/25 12:0 a.m. · 9 views

PT-2026-33102

Name of the Vulnerable Software and Affected Versions: xwayland versions prior to 24.1.9-2.1; xorg-x11-server versions prior to 21.1.21-5.1 Description: Security issues were identified in xwayland and xorg-x11-server. Recommendations: Update xwayland to version 24.1.9-2.1. Update xorg-x11-server to...

9.1 CVSS · 5.8 AI score · 0.00489 EPSS
Exploits 0 · References 145
RedhatCVE
added 2025/05/07 12:24 a.m. · 15 views

CVE-2025-45242

Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php...

7.7 CVSS · 7.5 AI score · 0.00351 EPSS
Exploits 0 · References 1
OSV
added 2024/09/06 11:9 a.m. · 3 views

OESA-2024-2096 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: The WebAudio OscillatorNode object was susceptible to a stack buffer overflow. This could have led to a potentially...

8.8 CVSS · 8.7 AI score · 0.00662 EPSS
Exploits 0 · References 2
RedHat Linux
added 2024/01/30 2:20 p.m. · 5 views

Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7

The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

8.8 CVSS · 7.5 AI score · 0.00745 EPSS
Exploits 0 · References 6
Positive Technologies
added 2022/08/17 12:0 a.m. · 7 views

PT-2022-13632 · Softing · Softing Secure Integration Server

Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server version V1.22 Description: A denial-of-service condition can be created in the software by sending a crafted HTTP packet with a large content-length header. This issue affects the Softing Secure Integration...

7.5 CVSS · 7.3 AI score · 0.01324 EPSS
Exploits 0 · References 5