Lucene search
K

1307 matches found

UbuntuCve
UbuntuCve
added 2026/05/27 4:16 a.m.14 views

CVE-2026-48961

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

7.3CVSS5.8AI score0.00262EPSS
Exploits0References5
OSV
OSV
added 2026/05/27 4:16 a.m.6 views

UBUNTU-CVE-2026-48961

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

7.3CVSS5.8AI score0.00262EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/27 2:34 a.m.105 views

CVE-2026-48961 IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

0.00262EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:34 a.m.8 views

CVE-2026-48961

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

5.8AI score0.00262EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/27 2:34 a.m.11 views

EUVD-2026-32044

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

5.8AI score0.00262EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-43487

Name of the Vulnerable Software and Affected Versions IO::Compress versions 2.207 through 2.219 Description The bundled zipdetails CLI tool crashes when processing an Info-ZIP Unix Extra Field tag 0x7875 where the UID Size or GID Size is set to 8. This occurs because the decode ux function trigge...

7.3CVSS5.4AI score0.00262EPSS
Exploits0References21
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

IO-Compress 安全漏洞

IO-Compress is a Perl library developed by Paul Marquess, which supports various compression formats. Versions of IO-Compress from 2.207 to 2.220 had security vulnerabilities. These vulnerabilities occurred due to the zipdetails CLI tool crashing when processing Info-ZIP Unix Extra Fields. This...

7.3CVSS5.9AI score0.00262EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-48961

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-by...

7.3CVSS5.3AI score0.00262EPSS
Exploits0References4
Qualys Blog
Qualys Blog
added 2026/05/20 3:40 p.m.15 views

CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path

The Qualys Threat Research Unit TRU has discovered and published the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel's ptracemayaccess function that permits an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of...

7.1CVSS6.3AI score0.0138EPSS
Exploits6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In statmountstring, most flags assign an output offset pointer offp, which is later updated with the string offset. However, in the cases of STATMOUNTMNTUIDMAP and STATMOUNTMNTGIDMAP, the struct fields are directly set instead of...

5.7AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 8:10 p.m.11 views

EUVD-2026-30804

SOGo 5.12.7 contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can inject malicious SQ...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

SOGo SQL注入漏洞

SOGo is a highly fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Version 5.12.7 of SOGo contains a SQL injection...

8.6CVSS6AI score0.00316EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/13 9:7 p.m.36 views

CVE-2026-44423 ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...

6.5CVSS0.00246EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/13 9:7 p.m.7 views

CVE-2026-44423 ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...

6.5CVSS5.9AI score0.00246EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/04 10:4 p.m.10 views

net-imap vulnerable to command Injection via "raw" arguments to multiple commands

Summary Several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. Details Net::IMAP's...

9.8CVSS5.6AI score0.00429EPSS
Exploits0References12Affected Software1
GithubExploit
GithubExploit
added 2026/05/03 6:51 p.m.91 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

🚨 CVE-2026-31431: Copy Fail Un fallo crítico de 9 años en...

7.8CVSS5.8AI score0.96267EPSS
Exploits229
OSV
OSV
added 2026/04/28 12:17 p.m.7 views

CLSA-2026-1777378650 Fix CVE(s): CVE-2023-26604

SECURITY UPDATE: systemctl may pass arbitrary shell commands from a pager like more1 that does not honor LESSSECURE, allowing privilege escalation under sudo. - debian/patches/CVE-2023-26604.patch: set LESSSECURE=1 when invoking a pager, rename to SYSTEMDPAGERSECURE, gate insecure pagers behind...

7.8CVSS6.9AI score0.01051EPSS
Exploits4References1
EUVD
EUVD
added 2026/04/24 2:42 p.m.5 views

EUVD-2026-25515

In the Linux kernel, the following vulnerability has been resolved: NFC: digital: Bounds check NFC-A cascade depth in SDD response handler The NFC-A anti-collision cascade in digitalinrecvsddres appends 3 or 4 bytes to target-nfcid1 on each round, but the number of cascade rounds is controlled...

5.4AI score0.00281EPSS
Exploits0References4
CVE
CVE
added 2026/04/24 2:42 p.m.38 views

CVE-2026-31622

Summary (CVE-2026-31622): In the Linux kernel NFC digital subsystem, the NFC‑A cascade depth handling in digital_in_recv_sdd_res() could allow a malicious peer to keep sending cascade responses, causing writes past the allocated nfc_target buffer (heap overflow) by exceeding the cascade depth. Th...

8.8CVSS5.4AI score0.00281EPSS
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.8 views

PT-2026-34974

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the NFC-A anti-collision cascade within the digital in recv sdd res function. The process appends 3 or 4 bytes to target-nfcid1 during each round, but the number of roun...

8.8CVSS5.8AI score0.00281EPSS
Exploits0
Rows per page
Query Builder