Lucene search
+L

226 matches found

Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-60600

Name of the Vulnerable Software and Affected Versions Quicly versions prior to commit dccf5d4 Description Quicly, an IETF QUIC protocol implementation used in the H2O HTTP server, is susceptible to stateless reset injection. The issue stems from a lack of packet entry validation when handling...

5.3CVSS5.3AI score0.00147EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/02 7:42 p.m.7 views

CVE-2026-59099 Apereo CAS 7.3.0 < 8.0.0-RC6 - AES-GCM Nonce Reuse Information Disclosure

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...

9.3CVSS6.2AI score0.00356EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.44 views

CVE-2026-58051 libssh2 - Free of Uninitialized Pointer in publickey List Cleanup

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS0.0028EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/28 1:32 a.m.8 views

CVE-2026-58051

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/28 1:32 a.m.13 views

EUVD-2026-39971

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/28 1:32 a.m.6 views

CVE-2026-58051

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/27 1:54 a.m.8 views

SUSE CVE-2026-52985

In the Linux kernel, the following vulnerability has been resolved: netdevsim: zero initialize struct iphdr in dummy skbuff Syzbot reports a KMSAN uninit-value originating from nsimdevtrapskbbuild, with the allocation also being performed in the same function. Fix this by calling skbputzero inste...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/26 2:8 a.m.7 views

SUSE CVE-2026-53263

In the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpaniphcmcastctxaddrcompress uses &data1 as destination and &ipaddr-s6addr11 as source, but both should be offset by one: &data2 and...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-53083

Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.2 Description An issue exists in the public key parsing process where the software expands its public key list using SSH2 REALLOC but fails to zero-initialize new entries before they are populated. If a parse...

8.3CVSS5.8AI score0.00333EPSS
Exploits0References24
NVD
NVD
added 2026/06/25 9:16 a.m.10 views

CVE-2026-53167

In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSENOTIFYRETRIEVE to uptodate folios FUSENOTIFYRETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since FUSENOTIFYRETRIEVE is intended to only return data that is already in...

5.5CVSS0.00122EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/25 8:38 a.m.7 views

EUVD-2026-39258

In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSENOTIFYRETRIEVE to uptodate folios FUSENOTIFYRETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since FUSENOTIFYRETRIEVE is intended to only return data that is already in...

5.7AI score0.00122EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52358

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An off-by-one error exists in the lowpan iphc mcast ctx addr compress function. The second memcpy operation incorrectly uses &data1 as the destination and &ipaddr-s6 addr11 as the source...

5.5CVSS6.1AI score0.00119EPSS
Exploits0References22
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-52985

In the Linux kernel, the following vulnerability has been resolved: netdevsim: zero initialize struct iphdr in dummy skbuff Syzbot reports a KMSAN uninit-value originating from nsimdevtrapskbbuild, with the allocation also being performed in the same function. Fix this by calling skbputzero inste...

5.5CVSS0.00122EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:28 p.m.5 views

CVE-2026-52985

In the Linux kernel, the following vulnerability has been resolved: netdevsim: zero initialize struct iphdr in dummy skbuff Syzbot reports a KMSAN uninit-value originating from nsimdevtrapskbbuild, with the allocation also being performed in the same function. Fix this by calling skbputzero inste...

5.7AI score0.00122EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/06/24 4:28 p.m.11 views

CVE-2026-52985

CVE-2026-52985 concerns the Linux kernel in the netdevsim feature, where the IP header in a dummy skb was not zero-initialized in nsim_dev_trap_skb_build. The issue arises from using skb_put instead of skb_put_zero, leading to uninitialized values in the IP header and potential memory/safety impl...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/06/24 4:28 p.m.2 views

CVE-2026-52985 netdevsim: zero initialize struct iphdr in dummy sk_buff

In the Linux kernel, the following vulnerability has been resolved: netdevsim: zero initialize struct iphdr in dummy skbuff Syzbot reports a KMSAN uninit-value originating from nsimdevtrapskbbuild, with the allocation also being performed in the same function. Fix this by calling skbputzero inste...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix the initialization of the spitransfer struct Make sure that the spitransfer struct is cleared to zero before use...

8.4CVSS5.7AI score0.00132EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg – Zero initialize memory allocated via sockkmalloc Several crypto user API contexts and requests that were allocated using sockkmalloc remained uninitialized. This meant that callers had to explicitly set the fields...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51879

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netdevsim component where the struct iphdr in a dummy sk buff is not properly initialized. This leads to a KMSAN uninit-value, which occurs when the kernel accesse...

5.9AI score0.00122EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.10 views

SUSE CVE-2026-46326

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...

8.4CVSS5.4AI score0.00132EPSS
Exploits0References3
Rows per page
Query Builder