Lucene search
K

5844 matches found

OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53150

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Reject zero-length property entries in validator tbpropertyentryvalid accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but causes an underflow in the...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.30 views

CVE-2026-53273 tee: optee: prevent use-after-free when the client exits before the supplicant

In the Linux kernel, the following vulnerability has been resolved: tee: optee: prevent use-after-free when the client exits before the supplicant Commit 70b0d6b0a199 "tee: optee: Fix supplicant wait loop" made the client wait as killable so it can be interrupted during shutdown or after a...

7.8CVSS0.00126EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/25 8:38 a.m.4 views

EUVD-2026-39241

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Reject zero-length property entries in validator tbpropertyentryvalid accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but causes an underflow in the...

5.8AI score0.00128EPSS
Exploits0References8
Redos
Redos
added 2026/06/25 12:0 a.m.4 views

ROS-20260625-73-0003

The vulnerability in gnutls is related to errors that occur when a string or array is terminated with the null character. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...

9.8CVSS6.1AI score0.0105EPSS
Exploits0
EUVD
EUVD
added 2026/06/23 9:59 p.m.13 views

EUVD-2026-34311

OHttpVersionChunkDraft: Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation...

8.7CVSS5.8AI score0.00167EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.8 views

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: cilium, terraform-provider-databricks-fips, kubedock-fips, xeol-fips, cert-manager-istio-csr-fips, crossplane-provider-gitlab, blob-csi, metallb-fips, grype-fips, cerbos, crossplane-provider-aws-sesv2-fips, tempo-fips, gatus, restic, rke2-cloud-provider,...

5.3CVSS5.9AI score0.00237EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.7 views

GHSA-5WRP-CWCJ-Q835 vulnerabilities

Vulnerabilities for packages: cilium, terraform-provider-databricks-fips, kubedock-fips, xeol-fips, cert-manager-istio-csr-fips, crossplane-provider-gitlab, blob-csi, metallb-fips, grype-fips, cerbos, crossplane-provider-aws-sesv2-fips, tempo-fips, gatus, restic, rke2-cloud-provider,...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2026/06/23 3:37 a.m.54 views

CVE-2026-55654 Openssh: heap out-of-bounds read in red hat enterprise linux versions of openssh gssapi indicator cleanup due to missing null sentinel termination

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS0.00308EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.7 views

httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

5.3CVSS6AI score0.00485EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.6 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS5.8AI score0.00775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.6 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS5.8AI score0.00775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.5 views

httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

5.3CVSS6AI score0.00485EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure that the copied buf is terminated with NUL characters. Currently, we allocate a kernel buffer of size lbuf and copy lbuf from userspace to that buffer. Later, we use the scanf function on this buffer, but we do n...

7.1CVSS6.4AI score0.00233EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

A NULL pointer dereference flaw was discovered in the Linux kernel’s X.25 set of standardized network protocol functions. This flaw allows a local user to crash the system by terminating their session using a simulated Ethernet card while continuing to use that connection...

5.5CVSS6.6AI score0.00328EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The race condition related to PreauhHashValue has been fixed. If a client sends multiple session setup requests to ksmbd, a race condition related to PreauhHashValue may occur. There is no need to free sess-PreauhHashValue...

8.5CVSS6.4AI score0.00391EPSS
Exploits1References2
OSV
OSV
added 2026/06/19 11:3 a.m.4 views

SUSE-SU-2026:2467-1 Security update for amazon-ssm-agent

This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239342. - CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs bsc1238702. ...

10CVSS7.2AI score0.00868EPSS
Exploits3References31
VulnCheck KEV
VulnCheck KEV
added 2026/06/16 12:0 a.m.13 views

VulnCheck KEV: CVE-2025-1055

A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected ...

5.6CVSS5.3AI score0.00211EPSS
In wildExploits1References2
Redos
Redos
added 2026/06/15 12:0 a.m.6 views

ROS-20260615-73-0014

The vulnerability of the smartcardunpackreadsizealign function libfreerdp/utils/smartcardpack.c:1703 is related to the use of the assert or similar operator in the RDP client FreeRDP. Exploiting this vulnerability may allow a remote attacker to cause the application to terminate abnormally...

6.5CVSS6.4AI score0.00256EPSS
Exploits1
NVD
NVD
added 2026/06/12 5:16 a.m.10 views

CVE-2026-45169

Idira Privileged Access Manager PAM Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulti...

8.7CVSS0.0035EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.13 views

EulerOS Virtualization 2.13.0 : nghttp2 (EulerOS-SA-2026-2409)

According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...

7.5CVSS6.7AI score0.00775EPSS
Exploits0References2
Rows per page
Query Builder