Lucene search
+L

1291 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Binder: Fixed the race condition between mmput and doexit. Task A calls binderupdatepagerange to allocate and insert pages in a remote address space from Task B. To do this, Task A first pinches the remote memory region using...

4.7CVSS6.2AI score0.00185EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.13 views

SUSE CVE-2026-8711

NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

9.8CVSS6.2AI score0.00889EPSS
Exploits0References3
OSV
OSV
added 2026/05/20 2:16 a.m.7 views

DEBIAN-CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

6.1CVSS6AI score0.0078EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 12:50 a.m.8 views

CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

8.1CVSS6AI score0.0078EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.14 views

PT-2026-42052

Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description An integer overflow exists in the compressed-token decoder due to a 32-bit signed counter that is not checked for overflow. A malicious sender can trigger this overflow, causing the receiver process to...

8.1CVSS6.1AI score0.0078EPSS
Exploits0References81
OSV
OSV
added 2026/05/20 12:0 a.m.8 views

UBUNTU-CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

8.1CVSS6AI score0.0078EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/19 10:5 p.m.10 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.6AI score0.61469EPSS
Exploits40References6
RedHat Linux
RedHat Linux
added 2026/05/19 10:4 p.m.11 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.6AI score0.61469EPSS
Exploits40References6
RedHat Linux
RedHat Linux
added 2026/05/19 10:0 p.m.19 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.6AI score0.61469EPSS
Exploits40References6
OSV
OSV
added 2026/05/19 3:16 p.m.4 views

DEBIAN-CVE-2026-8711

NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

9.8CVSS6.2AI score0.00889EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 3:16 p.m.13 views

UBUNTU-CVE-2026-8711

NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

9.8CVSS6.2AI score0.00889EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/19 2:4 p.m.12 views

CVE-2026-8711

NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

9.8CVSS6.2AI score0.00889EPSS
Exploits0
EUVD
EUVD
added 2026/05/19 2:4 p.m.11 views

EUVD-2026-30940

NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

9.2CVSS6.3AI score0.00889EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/19 2:4 p.m.21 views

CVE-2026-8711

NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

9.8CVSS6.2AI score0.00889EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/18 1:2 p.m.32 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.6AI score0.61469EPSS
Exploits40References6
RedHat Linux
RedHat Linux
added 2026/05/18 12:3 p.m.13 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.6AI score0.61469EPSS
Exploits40References6
The Hacker News
The Hacker News
added 2026/05/17 11:57 a.m.23 views

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

A newly disclosed security flaw impacting NGINX Plus and NGINX Open Source has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 CVSS score: 9.2, is a heap buffer overflow in ngxhttprewritemodule...

9.2CVSS7.9AI score0.61469EPSS
Exploits40
VulnCheck KEV
VulnCheck KEV
added 2026/05/16 12:0 a.m.106 views

VulnCheck KEV: CVE-2026-42945

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...

9.2CVSS6.4AI score0.61469EPSS
In wildExploits40References2
RedHat Linux
RedHat Linux
added 2026/05/15 5:20 p.m.12 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.6AI score0.61469EPSS
Exploits40References6
RedHat Linux
RedHat Linux
added 2026/05/15 4:46 p.m.11 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.6AI score0.61469EPSS
Exploits40References6
Rows per page
Query Builder