- EPSS 0.19%
- Veröffentlicht 09.04.2026 14:49:02
- Zuletzt bearbeitet 09.07.2026 18:16:52
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability upd...
CVE-2026-5745
- EPSS 0.16%
- Veröffentlicht 07.04.2026 14:57:31
- Zuletzt bearbeitet 03.05.2026 15:15:58
A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without...
CVE-2026-5121
- EPSS 1.07%
- Veröffentlicht 30.03.2026 08:16:18
- Zuletzt bearbeitet 10.06.2026 18:17:13
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buff...
CVE-2026-0964
- EPSS 0.41%
- Veröffentlicht 26.03.2026 20:06:28
- Zuletzt bearbeitet 19.05.2026 14:16:32
A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them unde...
CVE-2026-0966
- EPSS 0.58%
- Veröffentlicht 26.03.2026 20:06:28
- Zuletzt bearbeitet 19.05.2026 14:16:36
A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface)...
CVE-2026-4897
- EPSS 0.13%
- Veröffentlicht 26.03.2026 15:16:43
- Zuletzt bearbeitet 21.04.2026 16:29:29
A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condit...
CVE-2026-4647
- EPSS 0.17%
- Veröffentlicht 23.03.2026 13:37:44
- Zuletzt bearbeitet 30.06.2026 15:16:57
A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not prop...
CVE-2026-4426
- EPSS 0.31%
- Veröffentlicht 19.03.2026 13:53:39
- Zuletzt bearbeitet 03.05.2026 21:16:11
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by suppl...
CVE-2026-4424
- EPSS 0.88%
- Veröffentlicht 19.03.2026 13:50:27
- Zuletzt bearbeitet 30.06.2026 03:20:32
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can expl...
CVE-2026-3441
- EPSS 0.18%
- Veröffentlicht 15.03.2026 00:19:07
- Zuletzt bearbeitet 30.06.2026 15:16:55
A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCO...