CVE-2026-11610
- EPSS 0.63%
- Veröffentlicht 07.07.2026 09:17:36
- Zuletzt bearbeitet 08.07.2026 21:16:46
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet t...
CVE-2026-58010
- EPSS 0.26%
- Veröffentlicht 30.06.2026 13:19:17
- Zuletzt bearbeitet 02.07.2026 19:09:20
A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of o...
CVE-2026-58011
- EPSS 0.27%
- Veröffentlicht 30.06.2026 13:19:17
- Zuletzt bearbeitet 02.07.2026 19:20:39
A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corr...
CVE-2026-58012
- EPSS 0.26%
- Veröffentlicht 30.06.2026 13:19:17
- Zuletzt bearbeitet 02.07.2026 19:28:31
A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 funct...
CVE-2026-58013
- EPSS 0.27%
- Veröffentlicht 30.06.2026 13:19:17
- Zuletzt bearbeitet 02.07.2026 19:29:25
A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerabilit...
CVE-2026-58014
- EPSS 0.24%
- Veröffentlicht 30.06.2026 13:19:17
- Zuletzt bearbeitet 01.07.2026 17:58:21
A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service...
CVE-2026-58015
- EPSS 0.3%
- Veröffentlicht 30.06.2026 13:19:17
- Zuletzt bearbeitet 02.07.2026 02:16:28
A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context contain...
CVE-2026-58016
- EPSS 0.34%
- Veröffentlicht 30.06.2026 13:19:17
- Zuletzt bearbeitet 01.07.2026 17:46:34
A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <m...
CVE-2026-12610
- EPSS 0.16%
- Veröffentlicht 30.06.2026 08:27:01
- Zuletzt bearbeitet 30.06.2026 20:08:54
A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or...
CVE-2026-13757
- EPSS 0.11%
- Veröffentlicht 29.06.2026 18:44:24
- Zuletzt bearbeitet 08.07.2026 03:34:36
A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRA...