Total: 122 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5372 | 2 Libssh, Redhat | 3 Libssh, Enterprise Linux, Openshift Container Platform | 2026-05-26 | N/A | 5.0 MEDIUM |
| A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values (OpenSSL uses 0 to indicate failure and libssh uses 0 for success), the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. | |||||
| CVE-2026-7836 | | | 2026-05-21 | N/A | 3.1 LOW |
| An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input. | |||||
| CVE-2026-44074 | | | 2026-05-21 | N/A | 3.7 LOW |
| Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths. | |||||
| CVE-2023-7346 | | | 2026-05-20 | N/A | 4.0 MEDIUM |
| Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies that cause the device to derive and display incorrect receiving addresses, potentially leading to funds being sent to unintended addresses. | |||||
| CVE-2017-8932 | 4 Fedoraproject, Golang, Novell and 1 more | 4 Fedora, Go, Suse Package Hub For Suse Linux Enterprise and 1 more | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to derive the correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. | |||||
| CVE-2017-9725 | 1 Google | 1 Android | 2026-05-13 | 9.3 HIGH | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail. | |||||
| CVE-2017-0342 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2026-05-13 | 7.2 HIGH | 7.8 HIGH |
| All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading to denial of service or potential escalation of privileges. | |||||
| CVE-2017-0545 | 1 Google | 1 Android | 2026-05-13 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32591350. | |||||
| CVE-2017-0679 | 1 Google | 1 Android | 2026-05-13 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978. | |||||
| CVE-2017-0819 | 1 Google | 1 Android | 2026-05-13 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918. | |||||
| CVE-2017-8905 | 1 Xen | 1 Xen | 2026-05-13 | 6.8 MEDIUM | 8.8 HIGH |
| Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215. | |||||
| CVE-2017-12135 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2026-05-13 | 4.6 MEDIUM | 8.8 HIGH |
| Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | |||||
| CVE-2017-12134 | 2 Citrix, Xen | 2 Xenserver, Xen | 2026-05-13 | 7.2 HIGH | 8.8 HIGH |
| The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. | |||||
| CVE-2017-0666 | 1 Google | 1 Android | 2026-05-13 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689. | |||||
| CVE-2016-7433 | 1 Ntp | 1 Ntp | 2026-05-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to have unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." | |||||
| CVE-2017-13151 | 1 Google | 1 Android | 2026-05-13 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63874456. | |||||
| CVE-2017-11537 | 1 Imagemagick | 1 Imagemagick | 2026-05-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. | |||||
| CVE-2017-8326 | 1 Entropymine | 1 Imageworsener | 2026-05-13 | 6.8 MEDIUM | 8.8 HIGH |
| libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot be represented in type int" undefined behavior issues, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image, related to imagew-bmp.c and imagew-util.c. | |||||
| CVE-2016-9377 | 1 Xen | 1 Xen | 2026-05-13 | 2.1 LOW | 5.5 MEDIUM |
| Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation. | |||||
| CVE-2026-44498 | 1 Zfnd | 1 Zebrad | 2026-05-08 | N/A | 7.5 HIGH |
| ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit (MAX_BLOCK_SIGOPS), allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while zcashd nodes do not. This issue has been patched in version 4.4.0. | |||||
