Lucene search
K

36 matches found

OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5694 Cosign's verify-blob-attestation reports false positive when payload parsing fails in github.com/sigstore/cosign

Cosign's verify-blob-attestation reports false positive when payload parsing fails in github.com/sigstore/cosign...

5.3CVSS5.8AI score0.00241EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 12:0 a.m.11 views

PUB-A-481652714

In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.5AI score0.00231EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:11 a.m.8 views

netfilter: arp_tables: fix IEEE1394 ARP payload parsing

...

5.5CVSS5.4AI score0.00117EPSS
Exploits0
CVE
CVE
added 2026/05/27 9:24 a.m.31 views

CVE-2026-45844

Summary: CVE-2026-45844 affects the Linux kernel netfilter arp_tables on IEEE1394 (FireWire) interfaces. The vulnerability arises because arp_packet_match() unconditionally parses the ARP payload assuming both source and target hardware addresses exist, while IPv4-over-IEEE1394 ARP omits the targ...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/05/27 9:24 a.m.10 views

CVE-2026-45844

In the Linux kernel, the following vulnerability has been resolved: netfilter: arptables: fix IEEE1394 ARP payload parsing Weiming Shi says: "arppacketmatch unconditionally parses the ARP payload assuming two hardware addresses are present source and target. However, IPv4-over-IEEE1394 ARP RFC 27...

5.5CVSS5.7AI score0.00117EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.8 views

CVE-2026-45844

netfilter: arptables: fix IEEE1394 ARP payload parsing...

5.8AI score0.00117EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 5:56 p.m.20 views

OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads

Summary The Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond the end of the captured buffer and panic. Details The vulnerable logic is in pkg/ebpf/common/sqldetectpostgres.go. In th...

7.5CVSS6AI score0.00341EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.6 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-bad-free (UTSA-2026-021393)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021393 advisory. GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...

8.8CVSS7.8AI score0.00806EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.10 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-base (UTSA-2026-021391)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021391 advisory. GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...

8.8CVSS6.3AI score0.00806EPSS
Exploits0References4
OSV
OSV
added 2026/04/08 12:15 a.m.2 views

GHSA-W6C6-C85G-MMV6 Cosign's verify-blob-attestation reports false positive when payload parsing fails

Description cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures, this was due to a logic flaw in the error handling of the predicate type validation. For...

4.3CVSS5.8AI score0.00241EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/02 4:57 p.m.5 views

CVE-2026-34235

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...

9.1CVSS5.8AI score0.00405EPSS
Exploits0References1
NVD
NVD
added 2026/03/16 2:19 p.m.4 views

CVE-2026-3083

GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependin...

8.8CVSS0.00806EPSS
Exploits0References21
OSV
OSV
added 2026/03/16 2:19 p.m.3 views

UBUNTU-CVE-2026-3085

GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

8.8CVSS6.3AI score0.00828EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/13 8:41 p.m.23 views

CVE-2026-3083 GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability

GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependin...

8.8CVSS0.00806EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/10 12:29 a.m.5 views

SUSE CVE-2026-3083

GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependin...

8.8CVSS6.3AI score0.00806EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.5 views

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2025-084 (ALASDOCKER-2025-084)

The version of docker installed on the remote host is prior to 25.0.13-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-084 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6...

7.5CVSS7.3AI score0.00626EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.5 views

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2NITRO-ENCLAVES-2025-075 (ALASNITRO-ENCLAVES-2025-075)

The version of oci-add-hooks installed on the remote host is prior to 0-0.5.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-075 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function...

7.5CVSS7.4AI score0.00626EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.12 views

Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2025-077 (ALASNITRO-ENCLAVES-2025-077)

The version of runc installed on the remote host is prior to 1.3.3-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-077 advisory. Placeholder CVE. Details forthcoming CVE-2025-31133 net/url: insufficient validation of bracketed IPv6 hostnames...

8.4CVSS7.3AI score0.0067EPSS
Exploits4References28
Amazon
Amazon
added 2025/11/10 12:0 a.m.7 views

Important: soci-snapshotter

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS6.9AI score0.00626EPSS
Exploits0
Amazon
Amazon
added 2025/11/10 12:0 a.m.10 views

Important: oci-add-hooks

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS6.9AI score0.00626EPSS
Exploits0
Rows per page
Query Builder