Lucene search
K

28 matches found

NVD
NVD
added 4 days ago10 views

CVE-2026-58051

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS0.0028EPSS
Exploits0References3
Debian CVE
Debian CVE
added 4 days ago5 views

CVE-2026-58051

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS5.8AI score0.0028EPSS
Exploits0
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-53268

A flaw was found in the Linux kernel's netfilter conntrackirc module. This vulnerability allows for a possible out-of-bounds read. When parsing network traffic, if a command string is matched but subsequent parsing fails, the system does not properly exit, leading to the flaw. This could...

8.2CVSS5.7AI score0.00364EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.10 views

PT-2026-49734

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.25 Description On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into a single comma-separated value. According to RFC 6265, each cookie must be its own...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/22 8:59 p.m.12 views

CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

8.1CVSS5.8AI score0.00302EPSS
Exploits1
OSV
OSV
added 2026/02/24 8:38 a.m.7 views

BIT-AIRFLOW-2025-65995 Apache Airflow: Disclosure of secrets to UI via kwargs

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...

6.5CVSS5.4AI score0.00801EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/03 6:47 p.m.8 views

jsonwebtoken has Type Confusion that leads to potential authorization bypass

Summary: It has been discovered that there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s internal parsing mechanism...

7.5CVSS5.8AI score0.00443EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/11/06 6:15 p.m.3 views

CVE-2025-27917

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Remote Denial of Service can occur because of incorrect deserialization that results in failed memory...

7.5CVSS0.00421EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ACPICA not releasing cache on a parsing failure...

5.5CVSS6.9AI score0.0016EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2016-2571

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP...

7.5CVSS7.3AI score0.09288EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: do not free the NULL coalescing rule. If parsing fails, we can dereference a NULL pointer here...

5.5CVSS5.7AI score0.00237EPSS
Exploits0References3
OSV
OSV
added 2024/05/30 4:15 p.m.2 views

DEBIAN-CVE-2024-36941

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here...

5.5CVSS5.6AI score0.00237EPSS
Exploits0References1
OSV
OSV
added 2024/05/30 4:15 p.m.2 views

UBUNTU-CVE-2024-36941

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here...

5.5CVSS6.2AI score0.00237EPSS
Exploits0References33
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.23 views

Rocky Linux 8 : varnish:6 (RLSA-2020:4756)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4756 advisory. - An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to...

7.8CVSS6.3AI score0.05742EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:5 a.m.4 views

SUSE CVE-2016-2571

http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a malformed response...

7.5CVSS8.1AI score0.09288EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.2 views

SUSE CVE-2021-22212

ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the ''. This results in the administrator not bein...

7.4CVSS7.6AI score0.00522EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/11/15 11:55 a.m.3 views

kernel: ext4: fix memory leak in parse_apply_sb_mount_options()

In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in parseapplysbmountoptions If processing the on-disk mount options fails after any memory was allocated in the ext4fscontext, e.g. sqfnames, then this memory is leaked. Fix this by calling ext4fcfree instea...

5.5CVSS6AI score0.00237EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/08/10 12:0 a.m.6 views

PT-2021-7950 · Microsoft +3 · Visual Studio +5

Name of the Vulnerable Software and Affected Versions: .NET Core versions 2.1 through 5.0 .NET 5.0 versions prior to 5.0.9 .NET Core 3.1 versions prior to 3.1.18 .NET Core 2.1 versions prior to 2.1.29 Description: The issue is related to an information disclosure vulnerability in .NET Core and...

9.8CVSS6.7AI score0.30315EPSS
Exploits0References47
OSV
OSV
added 2021/06/10 11:15 p.m.1 views

UBUNTU-CVE-2020-23312

There is an Assertion 'context.statusflags & PARSERSCANNINGSUCCESSFUL' failed at js-parser.c:2185 in parserparsesource in JerryScript 2.2.0...

7.5CVSS7.1AI score0.01083EPSS
Exploits1References3
OSV
OSV
added 2021/06/08 1:15 p.m.3 views

UBUNTU-CVE-2021-22212

ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the ''. This results in the administrator not bein...

7.4CVSS5.8AI score0.00522EPSS
Exploits0References5
Rows per page
Query Builder