
228 matches found

AstraLinux
added 2026/06/24 3:11 p.m. | 4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: A memory leak was fixed in amdgpu_ras_init. When amdgpu_nbio_ras_sw_init fails in amdgpu_ras_init, the function returns directly without freeing the allocated con structure, resulting in a memory leak. This issue was fixed by...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00122
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ARM: ep93xx: Added a terminator to gpiod_lookup_table. Without the terminator, if a con_id is passed to gpio_find, and this con_id does not exist in the lookup table, the function will not stop looping correctly. This could lead to a O...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00245
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A data race flaw was discovered in the Linux kernel, between the allocation of the con variable and the setting of con->sock. This issue results in a NULL pointer dereference when accessing con->sock->sk in the net/tipc/topsrv.c file within the tipc protocol in the Linux kernel...

CVSS: 4.7 | AI score: 6.6 | EPSS: 0.00184
Exploits: 0 | References: 2

CVE
added 2026/05/27 12:18 p.m. | 29 views

CVE-2026-45976

Summary: CVE-2026-45976 affects the Linux kernel’s drm/amdgpu driver, where amdgpu_nbio_ras_sw_init() failing inside amdgpu_ras_init() could leak memory because the allocated con structure wasn’t freed. The fix makes the function jump to release_con to properly clean up before returning the error...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00122
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2026/05/22 12:0 a.m. | 9 views

Unity Linux 20.1070e Security Update: mojarra (UTSA-2026-016756)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016756 advisory. Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. Tenable has extracted the...

CVSS: 6.5 | AI score: 7 | EPSS: 0.10124
Exploits: 0 | References: 4

CNNVD
added 2026/03/24 12:0 a.m. | 8 views

Joy-Con Droid Security Vulnerability

Joy-Con Droid is an open-source application developed by TeamJCD that transforms Android devices into game controllers. Versions of Joy-Con Droid prior to 1.0.93 contained security vulnerabilities, which were caused by path traversal attacks. These vulnerabilities could lead to issues with the...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00362
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/08 12:0 a.m. | 2 views

PT-2026-2107

Name of the Vulnerable Software and Affected Versions: Werkzeug versions prior to 3.1.5. Description: Werkzeug’s safe join function improperly handles path segments containing Windows device names with file extensions or trailing spaces. Windows device names, such as CON and AUX, are implicitly...

CVSS: 8.9 | AI score: 6.3 | EPSS: 0.06496
Exploits: 7 | References: 168

Tenable Nessus
added 2026/01/07 12:0 a.m. | 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000410)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000410 advisory. A flaw was found in the Linux kernel because access to the global variable fg_console is not properly synchronized, leading to a use after free in con_font_op. Tenable has...

CVSS: 7 | AI score: 6.2 | EPSS: 0.01026
Exploits: 1 | References: 4

Snyk
added 2025/11/29 3:39 a.m. | 4 views

Improper Handling of Windows Device Names

Overview: Affected versions of this package are vulnerable to Improper Handling of Windows Device Names via the safe_join function. An attacker can cause the application to hang indefinitely by requesting a path ending with a Windows special device name, e.g. CON or NUL. Note: This is only vulnerab...

CVSS: 6.3 | AI score: 6.8 | EPSS: 0.00474
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2014-7233

Malware in sbrugna...

CVSS: 5.4 | AI score: 6.4 | EPSS: 0.00266
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-24584

Malware in sbrugna...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.01332
Exploits: 1 | References: 3

Positive Technologies
added 2025/10/02 12:0 a.m. | 5 views

PT-2025-40377

Name of the Vulnerable Software and Affected Versions: AndSoft e-TMS version 25.03. Description: A cross-site scripting issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute JavaScript code in a victim’s browser by sending a malicious URL. The vulnerability is reflected...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00192
Exploits: 0 | References: 3

OSV
added 2025/09/23 6:15 a.m. | 3 views

UBUNTU-CVE-2025-39880

In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info. There is a place where generic code in messenger.c is reading and another place where it is writing to con->v1 union member without checking that the union member is active, i.e...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.00144
Exploits: 0 | References: 32

CNNVD
added 2025/09/23 12:0 a.m. | 3 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check if a con->v1 union member is active, which could lead to invalid access...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.00144
Exploits: 0 | References: 5

OSV
added 2025/09/05 5:10 p.m. | 3 views

MAL-2025-42984 Malicious code in @zalastax/nolb-_con (npm)

The package @zalastax/nolb-con was found to contain malicious code...

AI score: 7
Exploits: 0

Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-40540

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info->request NULL check for certain malformed HTTP requests...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.02628
Exploits: 3 | References: 2

Rapid7 Blog
added 2025/08/15 3:54 p.m. | 6 views

Metasploit Weekly Wrap-Up 08/15/2025

Don’t forget to take the Metasploit User Engagement Survey! We had an awesome time at DEF CON and Black Hat with our very own zeroSteiner and jheysel-r7 presenting on five different occasions! We announced our user engagement survey there, and would love for all of you to participate until the en...

CVSS: 9.9 | AI score: 9.8 | EPSS: 0.92579
Exploits: 16

Tenable Nessus
added 2025/08/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-25668

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in the Linux kernel because access to the global variable fg_console is not properly synchronized, leading to a use after free in con_font_op...

CVSS: 7 | AI score: 6.6 | EPSS: 0.01026
Exploits: 1 | References: 2

Talos Blog
added 2025/07/31 6:0 p.m. | 7 views

The Booker Prize Longlist and Hacker Summer Camp

Welcome to this week's edition of the Threat Source newsletter. This week the Booker Prize Longlist was released and it featured several books I've read this year a couple that are on my TBR To Be Read, a couple that I had not heard of, and a couple that make me scratch my head and question why...

AI score: 7
Exploits: 0

SUSE CVE
added 2025/07/21 11:24 p.m. | 2 views

SUSE CVE-2025-27210

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.09752
Exploits: 5 | References: 3