Lucene search
+L

3756 matches found

astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Tracing: It was determined that processstring also allows arrays. To address a common bug where TRACEEVENT’s TPfastassign assigns the address of an allocated string to the ring buffer and then references it in TPPrintk, which can...

5.5CVSS6.4AI score0.00198EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed a sleeping function called from an invalid context in the RT kernel. When setting bootparams="traceevent=initcall:initcallstart tpprintk=1" in the cmdline, the outputprintk function was called, and spinlockirqsave...

5.5CVSS6.1AI score0.0021EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: pinctrl: equilibrium: fixed the warning trace on load The callback functions ‘eqbrirqmask’ and ‘eqbrirqack’ are also called in the callback function ‘eqbrirqmaskack’. This is done to avoid source code duplication. The problem ...

5.5CVSS5AI score0.00122EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Tracing: kprobe: Fixed a potential nullptrdereference issue in traceeventfile in kprobeeventgentestexit. When tracegeteventfile fails, genkretprobetest will be assigned as the error code. If the kprobeeventgentest module is remov...

5.5CVSS6.2AI score0.00165EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed null pointer dereference in bnxtbstracecheckwrap. With older firmware versions, we might encounter the ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER for the FW trace data type that has not been initialized. This could lead to...

5.9AI score0.00162EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Tracing: kprobe: Fixed a potential null-ptr-dereference in tracearray in kprobeeventgentestexit When testgenkprobecmd fails after kprobeeventgencmdend, it will go to delete, which will call kprobeeventdelete and release the...

5.5CVSS6.2AI score0.00165EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox

A memory-out-of-memory condition during object initialization could lead to an empty shape list. If the JIT compiler traces the object subsequently, it will cause a crash. This vulnerability affects Firefox versions less than 125...

6.2CVSS6.6AI score0.00172EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: libie: Do not unroll if fwlog is not supported. The libiefwlogdeinit function can be called during driver unloading, even when firmware logging was never properly initialized. This caused a call trace like this: 148.576156 Oops:...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Converted spinlock to mutex to lock the evlworkqueue. drainworkqueue cannot be called safely in a spinlocked context due to possible task rescheduling. In the multi-task scenario, calling queuework while...

5.5CVSS6AI score0.00164EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

It was discovered that there was a lack of CPU resources in the Linux kernel tracing module functionality in versions prior to 5.14-rc3. This issue occurred due to the way users utilize the trace ring buffer. Only privileged local users with the CAPSYSADMIN capability could exploit this flaw to...

5.5CVSS6.7AI score0.00734EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fixed the amdgpuirqput call trace in gmcv100hwfini. The gmc.eccirq is enabled by the firmware based on the IFWI setting. The host driver does not have privileges to enable/disable the interrupt. Therefore, using the...

5.5CVSS5.6AI score0.00145EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: ioam6: fix OOB and missing lock issues When trace-type.bit6 is set: if trace-type.bit6 ... queue = skbgettxqueuedev, skb; qdisc = rcudereferencequeue-qdisc; This code can lead to an out-of-bounds access of the dev-tx array...

9.1CVSS5.9AI score0.00442EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: This vulnerability prevents a wraparound in the schema length during the trace fill operation. The ioam6fillTraceData function stores the schema contribution to the trace length in an u8 type variable. When bit 2...

9.8CVSS6.4AI score0.00409EPSS
Exploits0References1
nessus
nessus
added 2026/05/20 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-43341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6filltracedata stores th...

9.8CVSS6.4AI score0.00409EPSS
Exploits0References2
redhat
redhat
added 2026/05/19 10:12 p.m.21 views

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

8.2CVSS7.2AI score0.00566EPSS
Exploits1References7
redhat
redhat
added 2026/05/19 4:30 p.m.11 views

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

8.2CVSS7.2AI score0.00566EPSS
Exploits1References7
osv
osv
added 2026/05/19 8:53 a.m.12 views

BIT-MLFLOW-2026-2652 Authentication Bypass in mlflow/mlflow

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS6AI score0.01502EPSS
Exploits1References3
nvd
nvd
added 2026/05/18 3:16 p.m.16 views

CVE-2026-41947

Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to...

9.3CVSS0.00453EPSS
Exploits1References6
cve
cve
added 2026/05/18 1:48 p.m.30 views

CVE-2026-41947

Affected product: Dify v1.14.1 and prior. Vulnerability: authorization bypass in trace configuration endpoints due to missing tenant ownership checks. Impact: authenticated editor users can set/enable trace configurations for any application and redirect messages/responses to attacker‑controlled ...

9.3CVSS5.8AI score0.00453EPSS
Exploits1References6Affected Software1
euvd
euvd
added 2026/05/18 1:48 p.m.14 views

EUVD-2026-30772

Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints...

9.1CVSS5.8AI score0.00453EPSS
Exploits1References3
Rows per page
Query Builder