Lucene search
K

22 matches found

Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-57436 Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage...

6.3CVSS0.00312EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: scsi: megaraidsas: Fixed an invalid node index issue. On systems with DRAM interleave enabled, out-of-bound access was detected: megaraidsas 0000:3f:00.0: Requested/available msix 128/128 pollqueue 0 ------------ Cut here...

7.8CVSS6.2AI score0.00146EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/ops-common: Add a target node validity check in damonmigratepages. This validation is taken from dopagesmove, which is used in the movepages system call. The bug occurs when damonmigratepages attempts to migrate pages ev...

5.5CVSS6AI score0.00143EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-46020

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: validate damosquotagoal-nid for nodememused,freebp Patch series mm/damon/core: validate damosquotagoal-nid. nodememcgused,freebp DAMOS quota goal...

7.1CVSS6AI score0.00124EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/27 8:38 p.m.11 views

CVE-2026-46020

A flaw was found in the Linux kernel's DAMON Data Access MONitor core. A privileged local user can exploit this vulnerability by providing an invalid node ID to damosquotagoal-nid for nodememused,freebp via the DAMON user-space tool. This improper validation can lead to an out-of-bounds memory...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/27 8:10 p.m.9 views

CVE-2026-46067

A flaw was found in the Linux kernel's DAMON Data Access MONitor core component. A local user could exploit this vulnerability by providing an invalid node identifier nid when configuring memory usage tracking goals. This lack of validation allows for out-of-bounds memory access, which can lead t...

7.1CVSS5.8AI score0.00117EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 2:17 p.m.10 views

CVE-2026-46067

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...

7.1CVSS0.00117EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 12:57 p.m.37 views

CVE-2026-46067 mm/damon/core: validate damos_quota_goal->nid for node_memcg_{used,free}_bp

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...

0.00117EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 12:56 p.m.37 views

CVE-2026-46020 mm/damon/core: validate damos_quota_goal->nid for node_mem_{used,free}_bp

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememused,freebp Patch series "mm/damon/core: validate damosquotagoal-nid". nodememcgused,freebp DAMOS quota goals receive the node id. The node id is used for simeminfonode and...

0.00124EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/03/23 6:57 a.m.3 views

CVE-2026-23555

Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...

7.1CVSS5.3AI score0.00181EPSS
Exploits0
NVD
NVD
added 2025/09/05 6:15 p.m.5 views

CVE-2025-39700

In the Linux kernel, the following vulnerability has been resolved: mm/damon/ops-common: ignore migration request to invalid nodes damonmigratepages tries migration even if the target node is invalid. If users mistakenly make such invalid requests via DAMOSMIGRATEHOT,COLD action, the below kernel...

5.5CVSS0.00143EPSS
Exploits0References3
OSV
OSV
added 2025/09/05 6:15 p.m.4 views

UBUNTU-CVE-2025-39700

In the Linux kernel, the following vulnerability has been resolved: mm/damon/ops-common: ignore migration request to invalid nodes damonmigratepages tries migration even if the target node is invalid. If users mistakenly make such invalid requests via DAMOSMIGRATEHOT,COLD action, the below kernel...

5.5CVSS5.9AI score0.00143EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2025/08/07 7:0 a.m.7 views

scsi: megaraid_sas: Fix invalid node index

...

7.8CVSS7AI score0.00146EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/07/09 11:23 p.m.11 views

SUSE CVE-2025-38239

In the Linux kernel, the following vulnerability has been resolved: scsi: megaraidsas: Fix invalid node index On a system with DRAM interleave enabled, out-of-bound access is detected: megaraidsas 0000:3f:00.0: requested/available msix 128/128 pollqueue 0 ------------ cut here ------------ UBSAN:...

6.1CVSS7.9AI score0.00146EPSS
Exploits0References16
OSV
OSV
added 2025/07/09 11:15 a.m.1 views

DEBIAN-CVE-2025-38239

In the Linux kernel, the following vulnerability has been resolved: scsi: megaraidsas: Fix invalid node index On a system with DRAM interleave enabled, out-of-bound access is detected: megaraidsas 0000:3f:00.0: requested/available msix 128/128 pollqueue 0 ------------ cut here ------------ UBSAN:...

7.8CVSS5.5AI score0.00146EPSS
Exploits0References1
OSV
OSV
added 2025/07/09 11:15 a.m.11 views

AZL-64856 CVE-2025-38239 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: megaraidsas: Fix invalid node index On a system with DRAM interleave enabled, out-of-bound access is detected: megaraidsas 0000:3f:00.0: requested/available msix 128/128 pollqueue 0 ------------ cut here ------------ UBSAN:...

7.8CVSS6.1AI score0.00146EPSS
Exploits0References1
OSV
OSV
added 2025/07/09 11:15 a.m.4 views

UBUNTU-CVE-2025-38239

In the Linux kernel, the following vulnerability has been resolved: scsi: megaraidsas: Fix invalid node index On a system with DRAM interleave enabled, out-of-bound access is detected: megaraidsas 0000:3f:00.0: requested/available msix 128/128 pollqueue 0 ------------ cut here ------------ UBSAN:...

7.8CVSS6.1AI score0.00146EPSS
Exploits0References30
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.4 views

SUSE CVE-2010-0415

The dopagesmove function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service OOPS, and possibly have unspecified other impact by specifying a node that is not part of the...

4.6CVSS6.7AI score0.01819EPSS
Exploits3References6
PyPA
PyPA
added 2022/02/04 11:15 p.m.7 views

PYSEC-2022-87

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item-kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

4.3CVSS6.9AI score0.00716EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2021/08/10 4:14 p.m.2 views

hivex: Buffer overflow when provided invalid node key length

A flaw was found in the hivex library. It is caused due to a lack of bounds check within the hivexopen function. An attacker could input a specially crafted Windows Registry hive file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat...

5.8CVSS7.1AI score0.01916EPSS
Exploits0References4
Rows per page
Query Builder