CVE-2026-48864
- EPSS 0.21%
- Veröffentlicht 26.05.2026 16:16:07
- Zuletzt bearbeitet 09.07.2026 16:16:41
A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, ...
CVE-2026-9149
- EPSS 0.29%
- Veröffentlicht 20.05.2026 23:34:56
- Zuletzt bearbeitet 27.06.2026 00:16:49
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a ...
CVE-2026-9150
- EPSS 0.4%
- Veröffentlicht 20.05.2026 23:16:36
- Zuletzt bearbeitet 29.06.2026 17:16:30
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA51...
CVE-2023-50782
- EPSS 1.12%
- Veröffentlicht 05.02.2024 21:15:11
- Zuletzt bearbeitet 24.03.2026 12:16:08
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
CVE-2023-50781
- EPSS 1.12%
- Veröffentlicht 05.02.2024 21:15:10
- Zuletzt bearbeitet 12.05.2026 11:16:16
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
CVE-2022-3644
- EPSS 0.28%
- Veröffentlicht 25.10.2022 18:15:10
- Zuletzt bearbeitet 07.05.2025 20:15:21
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
CVE-2013-4518
- EPSS 0.26%
- Veröffentlicht 04.11.2019 13:15:10
- Zuletzt bearbeitet 21.11.2024 01:55:43
RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates