Lucene search
K

9490 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 9:47 a.m.4 views

Security Bulletin: Multiple Vulnerabilities in IBM DataStax Enterprise

Summary Multiple vulnerabilities were addressed in IBM DataStax Enterprise 6.9.23 Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is...

9.9CVSS7.3AI score0.01339EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/29 9:45 a.m.2 views

SUSE-SU-2026:2675-1 Security update for tomcat

This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165. -...

9.8CVSS5.9AI score0.01339EPSS
Exploits2References15
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 8:48 a.m.4 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Bouncy Castle (CVE-2026-0636,CVE-2026-5598,CVE-2026-5588&CVE-2026-3505)

Summary IBM App Connect Enterprise Toolkit and Runtime are vulnerable to multiple vulnerabilities due to Bouncy Castle. Vulnerability Details CVEID:CVE-2026-0636 DESCRIPTION: Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy...

9.9CVSS5.8AI score0.00758EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53736

Name of the Vulnerable Software and Affected Versions CryptX versions prior to 0.088 001 Description CryptX for Perl performs AEAD authentication tag comparisons in non-constant time within the streaming decrypt done path. The decrypt done$tag function utilizes memNE based on memcmp != 0, which...

3.7CVSS6.1AI score0.00295EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.6 views

RHEL 9 : postgresql:15 (RHSA-2026:32983)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:32983 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Operating system accou...

8.8CVSS7AI score0.00668EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.7 views

RHEL 8 : postgresql:13 (RHSA-2026:32994)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:32994 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Operating system accou...

8.8CVSS7AI score0.00668EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.19 views

RHEL 9 : gnutls (RHSA-2026:32962)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:32962 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such a...

9.8CVSS6.1AI score0.01335EPSS
Exploits1References26
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-52951

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe/dma-buf: handle empty bo and UAF races There look to be some nasty races here when triggering the invalidatemappings hook: 1 We do xeboalloc followed by...

7.8CVSS6.2AI score0.00132EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:57 p.m.7 views

CVE-2026-55838

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. Every other admin handler in the codebase calls validateadminrequest to...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/26 7:57 p.m.8 views

CVE-2026-55838

CVE-2026-55838 (RustFS) : In versions up to 1.0.0-beta.7, the real-time metrics endpoint /rustfs/admin/v3/metrics is accessible to any valid IAM user, because MetricsHandler skips the admin-request validation that other admin handlers perform. As a result, a user whose policy allows only their ow...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/26 4:20 p.m.8 views

CVE-2026-53017

A flaw was found in the Linux kernel's f2fs filesystem. This vulnerability can lead to data loss when a file synchronization fsync operation on a newly created file occurs at the same time as a checkpoint operation. The system incorrectly assumes that a checkpoint has completed, which can result ...

5.8AI score0.00162EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 4:16 p.m.8 views

CVE-2023-20540

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...

1.8CVSS0.00114EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 4:16 p.m.8 views

CVE-2023-20572

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...

5.6CVSS0.00114EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:53 p.m.7 views

CVE-2023-20572

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...

5.6CVSS5.9AI score0.00114EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 3:53 p.m.6 views

EUVD-2023-60598

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...

5.6CVSS5.9AI score0.00114EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 3:53 p.m.24 views

CVE-2023-20572

CVE-2023-20572 describes a timing discrepancy in the ASP that could enable a local attacker to brute-force the hash message authentication code, risking data integrity. The connected AMD bulletin AMD-SB-4012 references potential vulnerabilities on AMD Client Processor platforms affecting ASP and ...

5.6CVSS5.9AI score0.00114EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 3:44 p.m.5 views

EUVD-2023-60597

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...

1.8CVSS5.9AI score0.00114EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 3:44 p.m.19 views

CVE-2023-20540

CVE-2023-20540 describes a timing discrepancy in the AMD Secure Processor (ASP) that could enable a privileged attacker to brute-force the hash-based MAC, potentially compromising data integrity. Affected component: AMD Secure Processor / ASP in AMD client/server platforms using ASP. Root cause: ...

1.8CVSS5.9AI score0.00114EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

SUSE SLES16: postgresql14 / postgresql14-contrib / postgresql14-devel / etc (SUSE-SU-2026:22177-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22177-1 advisory. This update for postgresql14 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on...

8.8CVSS6.1AI score0.00668EPSS
Exploits0References26
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.10 views

RHEL 8 : postgresql:12 (RHSA-2026:29815)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:29815 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Operating system accou...

8.8CVSS7AI score0.00668EPSS
Exploits0References10
Rows per page
Query Builder