Lucene search
+L

9 matches found

EUVD
EUVD
added 2026/06/26 12:32 a.m.7 views

EUVD-2026-39572

Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...

2CVSS5.8AI score0.00175EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:17 p.m.5 views

UBUNTU-CVE-2026-6325

Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...

7.5CVSS5.8AI score0.00175EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 6:43 p.m.9 views

GO-2026-5298 Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList() in github.com/google/go-attestation

Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList in github.com/google/go-attestation...

8.9CVSS5.8AI score0.00191EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.17 views

PT-2026-52601

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An out-of-bounds write occurs in the SetSuitesHashSigAlgo function when processing an oversized signature algorithms list. This flaw allows data to be written pa...

7.5CVSS5.7AI score0.00175EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/24 12:49 a.m.20 views

EUVD-2026-38641

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS6.2AI score0.00191EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 3:4 p.m.11 views

GHSA-9R4W-JG96-92MV Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()

Summary parseEfiSignatureList in attest/internal/events.go does not skip SignatureHeaderSize vendor bytes before reading EFISIGNATURELIST signature entries, violating UEFI specification section 31.4.1. Impact For hashSHA256SigGUID lists, attacker-controlled vendor header bytes are appended direct...

6.8CVSS5.6AI score0.00191EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/12 3:4 p.m.16 views

Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()

Summary parseEfiSignatureList in attest/internal/events.go does not skip SignatureHeaderSize vendor bytes before reading EFISIGNATURELIST signature entries, violating UEFI specification section 31.4.1. Impact For hashSHA256SigGUID lists, attacker-controlled vendor header bytes are appended direct...

5.5AI score
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48216

Name of the Vulnerable Software and Affected Versions Spyrus WTGCreator version 4.2 Baramundi Management Suite versions prior to 2024R1 WhiteCanyon WipeDrive versions 8.0.0 through 8.1.3 Finland Matriculation Exam Abitti 1 version 1.0.0 NTC IT Rosa versions R9 and R10 PC-Doctor Service Center...

7.8CVSS5.9AI score0.00099EPSS
Exploits0References14
NVD
NVD
added 2018/02/08 11:29 p.m.28 views

CVE-2012-0941

Multiple cross-site scripting XSS vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the 1 Endpoint Monitor, 2 Dialup List, or 3 Log&Report Display modules, or the...

6.1CVSS6AI score0.01407EPSS
Exploits1References6
Rows per page
Query Builder