Lucene search
K

4756 matches found

OSV
OSV
added 2026/07/07 7:47 p.m.6 views

CVE-2026-58471 GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score0.00221EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:38 a.m.7 views

CVE-2026-24012

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...

7.5CVSS6AI score0.00546EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/02 10:16 p.m.6 views

DEBIAN-CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

5.9CVSS6.5AI score0.00352EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 10:16 p.m.3 views

UBUNTU-CVE-2026-50721

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

8.1CVSS6.5AI score0.00392EPSS
Exploits0References6
OSV
OSV
added 2026/07/02 10:16 p.m.4 views

UBUNTU-CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS6.5AI score0.00392EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/07/02 9:34 p.m.7 views

CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS6.5AI score0.00352EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/02 9:34 p.m.8 views

CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS6.3AI score0.00392EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/02 9:34 p.m.28 views

CVE-2026-50722 IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS0.00352EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-723 Out-of-bounds Read in OpenCV

An out-of-bounds read was discovered in OpenCV before 4.1.1 OpenCV-Python before 4.1.0.25. Specifically, variable coarsestscale is assumed to be greater than or equal to finestscale within the calc/oclcalc functions in disflow.cpp. However, this is not true when dealing with small images, leading...

6.5CVSS6.5AI score0.01742EPSS
Exploits1References8
OSV
OSV
added 2026/06/30 1:30 p.m.5 views

MINI-6WMR-R3GW-MX2V

Bulletin has no description...

5.5CVSS6.6AI score0.00245EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.10 views

EulerOS 2.0 SP15 : python-cryptography (EulerOS-SA-2026-2500)

According to the versions of the python-cryptography packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the...

8.2CVSS6.7AI score0.00341EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

EulerOS 2.0 SP15 : python-cryptography (EulerOS-SA-2026-2459)

According to the versions of the python-cryptography packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the...

8.2CVSS6.7AI score0.00341EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 8:29 a.m.10 views

CVE-2026-53232

A flaw was found in the Linux kernel's network PHY Physical Layer driver. When a PHY probing operation fails, the system does not properly clean up the SFP Small Form-Factor Pluggable upstream connection. This oversight leaves a dangling reference in the SFP bus, which could be accessed later...

8.8CVSS5.7AI score0.00221EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 1:7 a.m.7 views

CVE-2026-53186

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA SCSI RDMA Protocol SRP component. A malicious or compromised SRP target on the InfiniBand/RoCE fabric can exploit this vulnerability by sending a specially crafted SRP response with an excessively large data length. This can...

9.1CVSS5.8AI score0.00544EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.31 views

CVE-2026-53232 net: phy: clean the sfp upstream if phy probing fails

In the Linux kernel, the following vulnerability has been resolved: net: phy: clean the sfp upstream if phy probing fails Sashiko reported that we don't call sfpbusdelupstream in the probe failure path, so let's add it, otherwise the sfp-bus is left with a dangling 'upstream' field, that may be...

8.8CVSS0.00221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53232

In the Linux kernel, the following vulnerability has been resolved: net: phy: clean the sfp upstream if phy probing fails Sashiko reported that we don't call sfpbusdelupstream in the probe failure path, so let's add it, otherwise the sfp-bus is left with a dangling 'upstream' field, that may be...

5.7AI score0.00221EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53232

In the Linux kernel, the following vulnerability has been resolved: net: phy: clean the sfp upstream if phy probing fails Sashiko reported that we don't call sfpbusdelupstream in the probe failure path, so let's add it, otherwise the sfp-bus is left with a dangling 'upstream' field, that may be...

8.8CVSS5.6AI score0.00221EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: There is a race condition where the error handler is only awakened when the last running command completes or times out. The order of execution of marking commands—either completed or failed—is not properly ordered...

4.7CVSS6AI score0.00096EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in python-cryptography

Cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.5, the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey, and loadpempublickey functions did not verify...

8.2CVSS6.7AI score0.00341EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, there was a heap buffer over-read vulnerability when processing images with small dimensions using the -wavelet-denoise operator. Versions 7.1.2-15 and 6.9.13-4...

7.1CVSS7.2AI score0.00137EPSS
Exploits0References3
Rows per page
Query Builder