Lucene search
+L
UbuntucveRecent

71772 matches found

UbuntuCve
UbuntuCve
added 2026/06/25 10:17 p.m.4 views

CVE-2026-6329

PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...

6.5CVSS6.1AI score0.0016EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 10:17 p.m.3 views

CVE-2026-6092

When HAVEENCRYPTTHENMAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC...

5.3CVSS6.1AI score0.00209EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 10:17 p.m.4 views

CVE-2026-55962

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS6.1AI score0.00143EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 10:17 p.m.3 views

CVE-2026-11703

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

7.5CVSS6.1AI score0.0021EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/25 10:17 p.m.4 views

CVE-2026-7511

PKCS7verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted...

7.5CVSS6.1AI score0.00171EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 10:16 p.m.2 views

CVE-2026-10098

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS6.1AI score0.00121EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 p.m.3 views

CVE-2026-6450

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

5.3CVSS6.1AI score0.0018EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 p.m.3 views

CVE-2026-6681

The PKCS7 decode path ignores the caller-supplied output buffer size outputSz, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release...

5.3CVSS6.1AI score0.00256EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 p.m.3 views

CVE-2026-6678

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

5.3CVSS6.1AI score0.0019EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 p.m.3 views

CVE-2026-6412

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

4.3CVSS6.1AI score0.00074EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 p.m.3 views

CVE-2026-6679

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...

8.8CVSS6.2AI score0.00385EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 p.m.3 views

CVE-2026-6731

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...

7.5CVSS6.1AI score0.00124EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 8:17 p.m.3 views

CVE-2026-7531

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8CVSS6.1AI score0.00346EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 8:17 p.m.3 views

CVE-2026-55958

Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsipStoreMessage the capacity check guarding the fixed message bag MSGBAGSIZE sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3...

8.3CVSS6.3AI score0.00269EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 8:17 p.m.3 views

CVE-2026-46602

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/06/25 8:17 p.m.3 views

CVE-2025-60464

A use-after-free in the gfseiloadfromstateinternal function /filters/seiload.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 TS file...

7.8CVSS6.1AI score0.00144EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2026/06/25 8:17 p.m.3 views

CVE-2026-10097

wolfSSL's AVX2-optimized ML-KEM implementation mlkemcmpavx2 compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and...

8.3CVSS6.1AI score0.00161EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/25 8:17 p.m.2 views

CVE-2026-11310

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...

8.7CVSS6.1AI score0.00145EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/25 8:17 p.m.2 views

CVE-2025-60465

A use-after-free in the gffilterpidinstswap function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

6.1CVSS6.1AI score0.00135EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2026/06/25 8:17 p.m.4 views

CVE-2026-12340

Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65...

7.5CVSS6.1AI score0.00226EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/25 8:17 p.m.3 views

CVE-2026-10512

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

7.5CVSS6.1AI score0.00263EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/25 8:17 p.m.3 views

CVE-2026-46601

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/06/25 8:17 p.m.3 views

CVE-2026-55964

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

6.3CVSS6.1AI score0.00118EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 8:17 p.m.3 views

CVE-2026-55960

Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer...

8.2CVSS6.1AI score0.00145EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 8:17 p.m.5 views

CVE-2026-10592

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS6.1AI score0.00124EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/25 7:16 p.m.3 views

CVE-2026-56789

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

7.1CVSS6.2AI score0.00239EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/06/25 7:16 p.m.2 views

CVE-2026-56786

RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decodetype1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream c...

9.8CVSS6.5AI score0.00422EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/06/25 7:16 p.m.3 views

CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.6AI score0.01325EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2026/06/25 7:16 p.m.3 views

CVE-2026-53925

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS6.2AI score0.00184EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 7:16 p.m.3 views

CVE-2026-46607

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...

7.8CVSS6.5AI score0.00303EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 7:16 p.m.4 views

CVE-2026-56788

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table,...

7.1CVSS6.1AI score0.00119EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/06/25 7:16 p.m.4 views

CVE-2026-56787

RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decodessr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit thi...

7.5CVSS6.2AI score0.00325EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/06/25 7:16 p.m.5 views

CVE-2026-46606

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen...

7.8CVSS6.3AI score0.00213EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 7:16 p.m.2 views

CVE-2026-56770

libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds,...

8.7CVSS6.1AI score0.00339EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 7:16 p.m.4 views

CVE-2026-56774

Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session...

5.4CVSS6.1AI score0.00266EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/25 7:16 p.m.3 views

CVE-2026-46611

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

5.3CVSS6.1AI score0.00156EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 7:16 p.m.3 views

CVE-2026-46608

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS6.1AI score0.00401EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/06/25 6:16 p.m.10 views

CVE-2026-47770

jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...

6.8CVSS6.1AI score0.00111EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/06/25 6:16 p.m.2 views

CVE-2026-6091

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL...

6.5CVSS6.1AI score0.00121EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 6:16 p.m.3 views

CVE-2026-55967

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

7.5CVSS6.1AI score0.00114EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 6:16 p.m.4 views

CVE-2026-49839

jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...

7.1CVSS6.1AI score0.00165EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/06/25 6:16 p.m.3 views

CVE-2026-55961

wolfSSLPKCS7verify returning success for a degenerate certs-only PKCS7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no...

8.2CVSS6.1AI score0.00095EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 6:16 p.m.2 views

CVE-2026-6291

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6.5CVSS6.1AI score0.00152EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 6:16 p.m.2 views

CVE-2026-6094

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

9.1CVSS6.2AI score0.00294EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 6:16 p.m.3 views

CVE-2026-54679

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 6:16 p.m.3 views

CVE-2026-11999

X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...

8.2CVSS6.1AI score0.00145EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/06/25 5:17 p.m.3 views

CVE-2026-56123

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...

9.8CVSS6.2AI score0.00308EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 4:16 p.m.2 views

CVE-2026-57438

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on...

6.6CVSS6.1AI score0.00093EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 4:16 p.m.3 views

CVE-2026-57454

Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads th...

6.8CVSS6.1AI score0.00119EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 4:16 p.m.3 views

CVE-2026-55895

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

8.4CVSS6.1AI score0.00154EPSS
Exploits0References3
Total number of security vulnerabilities71772