Lucene search
K

612 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: media: iris: Added missing platform data entries for SM8750. Two platform-data fields for SM8750 were omitted: - getvpubuffersize = irisvpu33bufsize Without this field, the driver fails to allocate the required internal buffer...

5.5CVSS5.7AI score0.00126EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Media: Iris: Gen1 – Destroy internal buffers after the firmware release. After the firmware releases, the driver did not destroy the internal buffers. This led to stale allocations that were no longer needed, especially during...

5.5CVSS5.6AI score0.00126EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: iris: Fixed a memory leak by freeing the untracked persist buffer. A internal buffer that is allocated only once per session was not being freed during session closure. This was because it wasn’t tracked as part of the...

5.4AI score0.00214EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: iris: Fixed NULL pointer dereferencing. A warning reported by smatch indicated a potential NULL pointer dereferencing issue, where one of the arguments to the API “irishfigen2handlesystemerror” might sometimes be null. To...

5.5CVSS5.2AI score0.00119EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In media: iris: gen2, a sanity check for session termination was added. In iriskillsession, inst-state is set to IRISINSTERROR, and sessionclose is executed, which will free memory allocated to insthfigen2-packet. If stopstreamin...

5.5CVSS5.7AI score0.00126EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.12 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add the buffer to the list only after a successful allocation. We moved the listaddtail function to after dmaalloc attrs succeeds when creating internal buffers. Previously, the buffer was enqueued into the...

5.5CVSS5.9AI score0.00126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.18 views

CVE-2026-42329

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS5.5AI score0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.13 views

CVE-2026-42539

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

6.5CVSS5.5AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.13 views

CVE-2026-42543

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...

4.3CVSS5.4AI score0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.12 views

CVE-2026-42540

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS5.5AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.12 views

CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS5.4AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.8 views

CVE-2026-41522

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS5.6AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 10:16 p.m.13 views

CVE-2026-42539

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

6.5CVSS0.00232EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 10:16 p.m.10 views

CVE-2026-42540

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS0.00183EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 10:16 p.m.8 views

CVE-2026-42543

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...

4.3CVSS0.00174EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 10:16 p.m.9 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS0.00174EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 9:16 p.m.9 views

CVE-2026-42329

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS0.00174EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 9:16 p.m.8 views

CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS0.00175EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 9:8 p.m.7 views

CVE-2026-42547 IRIS Alerts Can be Falsely Attributed to Customers

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS5.4AI score0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 9:8 p.m.31 views

CVE-2026-42547 IRIS Alerts Can be Falsely Attributed to Customers

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS0.00174EPSS
Exploits0References1
Rows per page
Query Builder