Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 3 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-41992

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different...

7.5CVSS6.1AI score0.00294EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-41992

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

7.5CVSS0.00294EPSS
Exploits0References3
CVE
CVE
added 4 days ago11 views

CVE-2026-41992

GNU gzip is affected by a global buffer overflow in the LZH decompression logic caused by reusing a shared global state across LZ77/LZW/LZH within a single run. The vulnerability arises from a global array not reinitialized between files, enabling an attacker to deplete or poison the shared state...

7.5CVSS6AI score0.00294EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/23 7:40 p.m.7 views

CVE-2026-12112

CVE-2026-12112 affects the foreman-mcp-server MCP Server. The issue is a session management vulnerability where an improper cache of authenticated client connections allows an unauthenticated attacker to hijack active administrative sessions by trusting a non-secret session ID without re-validati...

7.8CVSS5.9AI score0.00153EPSS
Exploits0References4Affected Software2
Debian CVE
Debian CVE
added 2026/06/08 10:1 p.m.5 views

CVE-2026-9669

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

8.2CVSS5.4AI score0.00376EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/03 8:45 p.m.3 views

CVE-2026-34511

OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...

6CVSS6AI score0.00238EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.5 views

CVE-2026-28479

OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be...

8.7CVSS5.9AI score0.00179EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2025/12/24 12:0 a.m.7 views

Security Risks Introduced by Weak Authentication in Smart Home IoT Systems

Smart home IoT systems rely on authentication mechanisms to ensure that only authorized entities can control devices and access sensitive functionality. In practice, these mechanisms must balance security with usability, often favoring persistent connectivity and minimal user interaction. This...

6.9AI score
Exploits0
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a contention condition in the nfsd subsystem during the handling of FREESTATEID, which could lead to...

7.8CVSS8.1AI score0.0021EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/10/30 12:0 a.m.24 views

FreeBSD : libssh -- PRNG state reuse on forking servers (f8c88d50-5fb3-11e4-81bd-5453ed2e2b49)

Aris Adamantiadis reports : When accepting a new connection, the server forks and the child process handles the request. The RANDbytes function of openssl doesn't reset its state after the fork, but simply adds the current process id getpid to the PRNG state, which is not guaranteed to be unique...

1.9CVSS6.7AI score0.00356EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2014/03/05 12:0 a.m.32 views

libssh -- PRNG state reuse on forking servers

Aris Adamantiadis reports: When accepting a new connection, the server forks and the child process handles the request. The RANDbytes function of openssl doesn't reset its state after the fork, but simply adds the current process id getpid to the PRNG state, which is not guaranteed to be unique...

1.9CVSS6.3AI score0.00356EPSS
Exploits1References2
Rows per page
Query Builder