Lucene search
+L

74 matches found

osv
osv
added 2026/06/17 12:0 a.m.7 views

ALSA-2026:26533 Important: dracut security update

The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...

7.5CVSS5.8AI score0.01131EPSS
Exploits0References4
osv
osv
added 2026/06/17 12:0 a.m.9 views

ALSA-2026:26534 Important: dracut security update

The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...

7.5CVSS5.8AI score0.01131EPSS
Exploits0References4
cve
cve
added 2026/06/04 12:0 a.m.24 views

CVE-2026-44917

OpenStack Ironic (prior to 35.0.2) is vulnerable to an information-disclosure issue where a malicious authenticated project admin or manager can read local files on the Ironic conductor via a pxe_template. This CVE is documented across multiple sources (OpenStack Ironic, Debian tracker, CVE lists...

4.9CVSS5.8AI score0.00283EPSS
Exploits0References3Affected Software1
redhatcve
redhatcve
added 2026/05/26 2:12 a.m.10 views

CVE-2026-34961

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...

7.7CVSS6AI score0.0021EPSS
Exploits0References1
fedora
fedora
added 2026/05/20 1:1 a.m.20 views

[SECURITY] Fedora 43 Update: dnsmasq-2.92rel2-2.fc43

Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with...

8.8CVSS5.8AI score0.07237EPSS
Exploits4
redhatcve
redhatcve
added 2026/05/14 8:21 a.m.14 views

CVE-2026-34963

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

8.6CVSS6.3AI score0.00157EPSS
Exploits0References1
euvd
euvd
added 2026/05/12 12:31 a.m.12 views

EUVD-2026-29347

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

8.6CVSS6.3AI score0.00157EPSS
Exploits0References4
nvd
nvd
added 2026/05/11 11:19 p.m.14 views

CVE-2026-34963

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

8.6CVSS0.00157EPSS
Exploits0References3
nvd
nvd
added 2026/05/11 10:22 p.m.11 views

CVE-2026-34961

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...

7.7CVSS0.0021EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/11 10:17 p.m.40 views

CVE-2026-34963 barebox EFI PE Loader Memory Safety Vulnerabilities

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

8.6CVSS0.00157EPSS
Exploits0References3
cve
cve
added 2026/05/11 10:17 p.m.37 views

CVE-2026-34963

Barebox EFI PE loader (efi/loader/pe.c) contains multiple memory-safety vulnerabilities in versions prior to 2026.04.0: (1) 32-bit arithmetic overflow in virtual image size calculation on section VirtualAddress/size can cause undersized heap allocations, and (2) PE section loading does not valida...

8.6CVSS6.3AI score0.00157EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/03/05 2:21 p.m.5 views

SUSE-RU-2026:20683-1 Recommended update for shim

This update for shim fixes the following issues: This update for shim fixes the following issues: shim is updated to version 16.1: - shimstartimage: fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test segfaults caused by uninitialized memory -...

6.7CVSS5.8AI score0.00378EPSS
Exploits1References6
broadcom
broadcom
added 2026/03/03 12:0 a.m.18 views

GRUB2 Vulnerable to Out-of-Bounds Write via Network Boot Process in 'grub_strcpy()' Function

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

7.6CVSS6.5AI score0.01373EPSS
Exploits0
nessus
nessus
added 2026/01/31 12:0 a.m.8 views

EulerOS Virtualization 2.10.1 : grub2 (EulerOS-SA-2026-1119)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel...

8.8CVSS6.6AI score0.01373EPSS
Exploits1References25
nessus
nessus
added 2026/01/31 12:0 a.m.7 views

EulerOS Virtualization 2.10.0 : grub2 (EulerOS-SA-2026-1170)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel...

8.8CVSS6.6AI score0.01373EPSS
Exploits1References25
astralinux
astralinux
added 2026/01/27 5:1 a.m.6 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. During the network boot process, when attempting to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the length of the...

7.6CVSS7.5AI score0.01373EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/01/06 12:0 a.m.6 views

PT-2026-1506

Name of the Vulnerable Software and Affected Versions SUSE Virtualization Harvester versions 1.5.x through 1.6.x Description The interactive installer for SUSE Virtualization Harvester may expose the default OS SSH login password when creating a new cluster or adding hosts to an existing cluster...

9.8CVSS6.8AI score0.00473EPSS
Exploits0References8
snyk
snyk
added 2026/01/05 8:25 p.m.2 views

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the interactive installer process. An attacker can gain unauthorized remote access to the host system by exploiting the default administrative credentials over SSH before the password is reset. This is...

9.8CVSS7.1AI score0.00473EPSS
Exploits0References2
nessus
nessus
added 2025/12/19 12:0 a.m.3 views

SUSE SLES16: grub2 / grub2-arm64-efi / grub2-common / grub2-i386-pc / etc (SUSE-SU-2025:21212-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:21212-1 advisory. Changes in grub2: - CVE-2025-54771: Fixed grubfileclose does not properly controls the fs refcount bsc1252931 - CVE-2025-54770:...

7.8CVSS6.2AI score0.00386EPSS
Exploits0References29
osv
osv
added 2025/12/15 12:49 p.m.2 views

SUSE-SU-2025:21212-1 Security update for grub2

This update for grub2 fixes the following issues: Changes in grub2: - CVE-2025-54771: Fixed grubfileclose does not properly controls the fs refcount bsc1252931 - CVE-2025-54770: Fixed missing unregister call for netsetvlan command may lead to use-after-free bsc1252930 - CVE-2025-61662: Fixed...

7.8CVSS5.8AI score0.00386EPSS
Exploits0References22
Rows per page
Query Builder