Lucene search
K

12468 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Thunderbird, Firefox

Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log did not account for external URLs. As a result, data could potentially be exfiltrated from the browser. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird...

6.5CVSS6.8AI score0.00641EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tty: fixed an out-of-bounds access in ttydriverlookuptty When an invalid console= device is specified, such as console=tty3270, ttydriverlookuptty returns the tty struct without checking whether the index is a valid number. To...

5.9AI score0.00177EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: vt: Clear the selection before changing the font. When changing the console font using ioctlKDFONTOP, the new font size may be larger than the previous one. As a result, a previously selected item may now be outside the new scree...

7.1CVSS6AI score0.00213EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: serial/pmaczilog: The flawed mitigation for rx irq flood has been removed. The mitigation was intended to completely stop the irq. This might be better than a hard lock-up, but it turns out that a crash still occurs if pmaczilog ...

5.5CVSS6.2AI score0.00182EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: vcscreen: The load of the struct vcdata pointer in vcsread was moved to avoid a Use-After-Free UAF condition. After a call to consoleunlock in vcsread, the struct vcdata structure can be freed using vcdeallocate. Therefore, the...

7.8CVSS6.1AI score0.00274EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fixed an out-of-bounds write in fastimageblit. This issue occurs when a user-space program calls ioctl FBIOPUTCON2FBMAP by passing the console number and the frame buffer number. Ideally, this maps the console to the frame...

7.8CVSS6.5AI score0.00162EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A flaw was discovered in the Framebuffer Console fbcon within the Linux kernel. When values greater than 32 are provided for font-width and font-height in the fbconsetfont function, due to lack of proper checks, an out-of-bounds situation may occur, resulting in undefined behavior and potentially...

5.5CVSS6.7AI score0.00206EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in the ansible module, where credentials are disclosed in the console logs by default, and are not protected by security features when using the bitbucketpipelinevariable module. This flaw allows an attacker to steal bitbucket Pipeline credentials. The greatest threat posed ...

5.5CVSS7.1AI score0.00337EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: netconsole: Avoid out-of-band OOB reads; the message is not terminated with nul. The message passed to netconsole from the console subsystem is not guaranteed to be terminated with nul. Before the recent commit 7eab73b18630...

9.1CVSS5.5AI score0.00462EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/19 3:31 p.m.10 views

GlassFish's Administration Console is Vulnerable to RCE

An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...

9.1CVSS6.1AI score0.00819EPSS
Exploits1References4Affected Software2
vulnersOsv
vulnersOsv
added 2026/05/19 3:31 p.m.6 views

org.glassfish.main.admingui:admingui (>=6.0.0 <=9.0.0-M1), org.glassfish.main.admingui:console-cluster-plugin (>=6.0.0 <=9.0.0-M1) +19 more potentially affected by CVE-2026-2587 via org.glassfish.jsftemplating:jsftemplating (>=3.0.0 <=4.1.0)

org.glassfish.jsftemplating:jsftemplating MAVEN version =3.0.0, =6.0.0, =6.0.0, =7.0.16, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =9.0.0-M1 and more Source cves: CVE-2026-2587 Source advisory: OSV:GHSA-29WV-CV7P-XJC2https://vulners.c...

9.6CVSS5.4AI score0.00628EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/05/19 3:31 p.m.8 views

org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=8.0.1), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=8.0.1) +15 more potentially affected by CVE-2026-2586 via org.glassfish.main.admingui:console-common (>=3.1.2 <=8.0.1)

org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =4.1, =8.0.1 and more Source cves: CVE-2026-2586 Source advisory: OSV:GHSA-96V6-HQ43-X9H4...

9.1CVSS5.4AI score0.00819EPSS
Exploits1
OSV
OSV
added 2026/05/19 3:31 p.m.8 views

GHSA-96V6-HQ43-X9H4 GlassFish's Administration Console is Vulnerable to RCE

An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...

9.1CVSS6.1AI score0.00819EPSS
Exploits1References4
NVD
NVD
added 2026/05/19 3:16 p.m.16 views

CVE-2026-2586

An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user. This issue...

9.1CVSS0.00819EPSS
Exploits1References1
CVE
CVE
added 2026/05/19 2:12 p.m.41 views

CVE-2026-2586

CVE-2026-2586: An authenticated RCE in GlassFish Administration Console. A user with console access can send crafted requests to execute arbitrary OS commands with the privileges of the application service user. Affected: GlassFish Admin Console. Impact (per provided metrics): high confidentialit...

9.1CVSS6.2AI score0.00819EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/19 2:12 p.m.8 views

CVE-2026-2586

An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user. This issue...

9.1CVSS6.2AI score0.00819EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/19 2:12 p.m.12 views

EUVD-2026-30939

An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...

9.1CVSS6.1AI score0.00819EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/19 2:12 p.m.41 views

CVE-2026-2586

An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user. This issue...

9.1CVSS0.00819EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/19 2:12 p.m.10 views

CVE-2026-2586

An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user. This issue...

9.1CVSS6.2AI score0.00819EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/19 1:41 p.m.16 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.6CVSS7AI score0.09917EPSS
Exploits1References6
Rows per page
Query Builder