
23998 matches found

Positive Technologies
added 2026/05/06 12:0 a.m., 13 views

PT-2026-37557

In the Linux kernel, the following vulnerability has been resolved: media: iris: gen2: Add sanity check for session stop. In iris kill session, inst-state is set to IRIS INST ERROR and session close is executed, which will kfreeinst hfi gen2-packet. If stop streaming is called afterward, it will...

5.8 AI score, 0.00126 EPSS
Exploits 0, References 4
CNNVD
added 2026/05/06 12:0 a.m., 15 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from issues with header offset overflow and protocol header misalignment during the extraction of data...

7.5 CVSS, 5.9 AI score, 0.00451 EPSS
Exploits 0, References 1
Tenable Nessus
added 2026/05/06 12:0 a.m., 9 views

AlmaLinux 8 : corosync (ALSA-2026:13657)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13657 advisory. corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091). corosync: Corosync: Denial of Service via integer...

8.2 CVSS, 5.9 AI score, 0.00994 EPSS
Exploits 2, References 4
Positive Technologies
added 2026/05/06 12:0 a.m., 10 views

PT-2026-37526

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A heap buffer overflow exists in the ioam6 fill trace data function. The function relies on the nodelen field from incoming packets to determine the amount of data to write for each node...

9.8 CVSS, 6 AI score, 0.00642 EPSS
Exploits 0, References 19
Tenable Nessus
added 2026/05/06 12:0 a.m., 8 views

RHEL 8 : corosync (RHSA-2026:14216)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14216 advisory. The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fixes: corosyn...

8.2 CVSS, 5.9 AI score, 0.00994 EPSS
Exploits 2, References 7
Github Security Blog
added 2026/05/05 9:14 p.m., 36 views

Hysteria: A specially constructed quic package can crash the server OOM when the sniff is enabled

Summary: A specially constructed quic package can crash the server OOM when the sniff is enabled. Details: When the server has sniff enabled, a valid connection can request the server to forward UDP traffic and construct a huge crypto length. The server will allocate memory according to this length...

5.8 AI score
Exploits 0, References 2, Affected Software 1
NVD
added 2026/05/05 4:16 p.m., 8 views

CVE-2026-43070

In the Linux kernel, the following vulnerability has been resolved: bpf: Reset register ID for BPF_END value tracking. When a register undergoes a BPF_END byte swap operation, its scalar value is mutated in-place. If this register previously shared a scalar ID with another register (e.g., after an r1...

7.8 CVSS, 0.00118 EPSS
Exploits 0, References 3
NVD
added 2026/05/05 4:16 p.m., 8 views

CVE-2026-43062

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp(). l2cap_ecred_reconf_rsp() casts the incoming data to struct l2cap_ecred_conn_rsp (the ECRED connection response, 8 bytes with result at offset 6) instead of struct...

7.1 CVSS, 0.00215 EPSS
Exploits 0, References 8
OSV
added 2026/05/05 4:16 p.m., 5 views

UBUNTU-CVE-2026-34956

A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...

5.9 CVSS, 5.8 AI score, 0.00405 EPSS
Exploits 0, References 4
CVE
added 2026/05/05 3:23 p.m., 15 views

CVE-2026-43070

The CVE describes a Linux kernel BPF verifier flaw: after a BPF_END (byte swap), dst_reg->id is not reset to 0, which can cause the verifier to propagate learned bounds to a linked register, creating a risk of out-of-bounds memory accesses. The concrete impact is potential privilege/escalation...

7.8 CVSS, 5.8 AI score, 0.00118 EPSS
Exploits 0, References 3, Affected Software 1
ATTACKERKB
added 2026/05/05 3:17 p.m., 5 views

CVE-2026-43062

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp(). l2cap_ecred_reconf_rsp() casts the incoming data to struct l2cap_ecred_conn_rsp (the ECRED connection response, 8 bytes with result at offset 6) instead of struct...

5.7 AI score, 0.00215 EPSS
Exploits 0, References 9, Affected Software 1
CVE
added 2026/05/05 3:17 p.m., 26 views

CVE-2026-43062

CVE-2026-43062 concerns the Linux kernel Bluetooth L2CAP path, where l2cap_ecred_reconf_rsp() incorrectly casts incoming data to struct l2cap_ecred_conn_rsp instead of struct l2cap_ecred_reconf_rsp. This type confusion causes: (1) the length check to require 8 bytes instead of 2, rejecting valid ...

7.1 CVSS, 5.8 AI score, 0.00215 EPSS
Exploits 0, References 8, Affected Software 1
CVE
added 2026/05/05 3:17 p.m., 15 views

CVE-2026-43060

The CVE-2026-43060 issue affects the Linux kernel netfilter component (nft_ct). When the nft_ct module is removed, packets enqueued in nfqueue may retain stale references to conntrack zone templates or timeout policies, risking instability or DoS. The root cause is references that can outlive the...

7.8 CVSS, 5.8 AI score, 0.0012 EPSS
Exploits 0, References 8, Affected Software 1
OSV
added 2026/05/05 1:7 p.m., 4 views

SUSE-SU-2026:21506-1 Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues The following security issues were fixed: - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size bsc1258073. - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI...

7.8 CVSS, 6.8 AI score, 0.96775 EPSS
Exploits 228, References 13
Vulnrichment
added 2026/05/05 12:29 p.m., 6 views

CVE-2026-6918

In Eclipse OpenJ9 versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message...

8.7 CVSS, 5.8 AI score, 0.00517 EPSS
Exploits 1, References 2
RedHat Linux
added 2026/05/05 10:35 a.m., 5 views

corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol UDP packet. This can lead to an out-of-bounds read, causing a denial of service...

8.2 CVSS, 5.8 AI score, 0.00867 EPSS
Exploits 1, References 5
CVE
added 2026/05/05 6:19 a.m., 13 views

CVE-2026-6180

PaperCut MF/NG suffers a race condition in processing badge-swipe data from certain HP devices, under dropped/out-of-order packet conditions. The issue can cause a truncated badge ID to be registered, and in environments with custom badge-ID post-processing scripts, the truncated value may map to...

8.1 CVSS, 5.8 AI score, 0.00228 EPSS
Exploits 0, References 1, Affected Software 2
CNNVD
added 2026/05/05 12:0 a.m., 8 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by a type confusion in the l2cap_ecred_reconf_rsp function. This vulnerability may lead to valid packets being...

7.1 CVSS, 5.8 AI score, 0.00215 EPSS
Exploits 0, References 1
Tenable Nessus
added 2026/05/05 12:0 a.m., 6 views

RHEL 8 : corosync (RHSA-2026:13657)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13657 advisory. The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fixes: corosyn...

8.2 CVSS, 5.9 AI score, 0.00994 EPSS
Exploits 2, References 7
Oracle linux
added 2026/05/05 12:0 a.m., 11 views

systemd security update

252-55.0.3.el97.9 - serialize: don't allocate 1M on the stack just like that LINUX-16166 - Route logs from container mapped uids to the system journal Orabug: 38135007 - Drop delay when nspawn fails to reset loginuid Orabug: 37793135 - Improve logging for api bus connection and subscribers Orabug...

5.5 CVSS, 5.8 AI score, 0.00641 EPSS
Exploits 1