Lucene search
K

881 matches found

Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-53081

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to the latest patch Description The RASC video decoder in libavcodec contains a flaw where the decode dlta function in libavcodec/rasc.c performs 32-bit reads and writes at the row cursor before the NEXT LINE row-boundary...

8.8CVSS6AI score0.00217EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Drivers: Media: dvb-frontends/rtl2832 – Fixed an out-of-bounds write error. Ensured that the index in rtl2832pidfilter does not exceed 31 to prevent out-of-bounds access. dev-filters is a 32-bit value; therefore, the setbit an...

7.8CVSS6.5AI score0.00267EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: i40e: Added a maximum boundary check for VF filters. There is no check to ensure that VF can request a maximum number of filters. This limitation should be added...

6.5AI score0.00193EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: iio: Magnetometer: rm3100 – added a boundary check for the value read from RM3100REGTMRC. Recently, we encountered a kernel crash in the function rm3100commonprobe, caused by out-of-bound access to the array rm3100samprates due t...

5.5CVSS5.5AI score0.00226EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fix for u8 overflow By continuously sending L2CAPCONFREQ packets, chan-numconfrsp increases multiple times, eventually exceeding the maximum number i.e., 255. This patch prevents this issue by adding a bounda...

5.5CVSS6AI score0.00246EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fixed a potential out-of-bounds read in iommummioshow. In iommummiowrite, the offset provided by the user is validated using the check: iommu-dbgmmiooffset iommu-mmiophysend - 4. This assumes a 4-byte access. However,...

5.7AI score0.00155EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: The function validate doorbelloffset in user queue creation passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without proper checking. An arbitrarily large doorbelloffset can cause the calculated...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/manaib: A boundary check was added before installing cq callbacks. A boundary check has been added inside manaibinstallcqcb to prevent index overflow...

7.1CVSS5.6AI score0.00246EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.14 views

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fixed an issue where the BIOS boundary checking was off by one. Bounds checking during the parsing of init scripts embedded in the BIOS prevents access to the last byte. This causes driver initialization to fail on...

7.8CVSS5.6AI score0.00235EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: selinux: A boundary check has been added in putentry. Just like in nextentry, a boundary check is necessary to prevent memory access that is out of bounds...

7.1CVSS6.1AI score0.00209EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.10 views

CVE-2026-43982

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn in lua/upload/upload.go uses filepath.Join with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp, outside the web root. This...

8.7CVSS5.4AI score0.00344EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 9:11 a.m.40 views

CVE-2026-5422 Path Traversal in jupyter/jupyter

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

6.8CVSS0.00437EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 9:11 a.m.9 views

CVE-2026-5422

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

6.8CVSS6.7AI score0.00437EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/02 9:11 a.m.13 views

EUVD-2026-33905

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

6.8CVSS6.7AI score0.00437EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/02 9:11 a.m.9 views

CVE-2026-5422 Path Traversal in jupyter/jupyter

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

6.8CVSS6.7AI score0.00437EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/06/02 9:11 a.m.7 views

CVE-2026-5422

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

8.1CVSS6.7AI score0.00437EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.12 views

PT-2026-45727

Name of the Vulnerable Software and Affected Versions jupyter-server version 2.17.0 Description A path traversal issue exists due to an incorrect root directory boundary check in the get os path function within jupyter server/services/contents/fileio.py. The check utilizes startswithroot without...

8.1CVSS6.5AI score0.00437EPSS
Exploits1References5
OSV
OSV
added 2026/05/28 5:37 p.m.8 views

GHSA-MJ4X-VF5C-5XG8 compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal

Summary The compliance-trestle library's profile import mechanism resolves trestle:// URIs and relative file paths by joining them with trestleroot and calling .resolve, but performs no boundary check to ensure the resolved path stays within the trestle workspace. An attacker can craft a maliciou...

6.9CVSS5.9AI score0.00061EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:2 a.m.7 views

ntfs3: fix integer overflow in run_unpack() volume boundary check

...

7.8CVSS5.4AI score0.00142EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/27 9:47 p.m.13 views

CVE-2026-45993

A flaw was found in the Linux kernel, specifically affecting the LoongArch architecture. The system call syscall dispatch table, which handles requests from user programs, does not properly validate the syscall number provided by userspace. This missing boundary check could allow a local attacker...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References4
Rows per page
Query Builder