Lucene search
K

22 matches found

OSV
OSV
added 2026/06/24 5:17 p.m.4 views

UBUNTU-CVE-2026-54905

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 9:17 p.m.4 views

UBUNTU-CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS5.8AI score0.00227EPSS
Exploits1References3
OSV
OSV
added 2026/06/03 4:16 p.m.7 views

UBUNTU-CVE-2026-42321

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

8.4CVSS5.2AI score0.00343EPSS
Exploits0References3
OSV
OSV
added 2026/06/02 11:16 p.m.7 views

UBUNTU-CVE-2026-27145

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

7.5CVSS5.5AI score0.00904EPSS
Exploits0References5
OSV
OSV
added 2026/05/27 8:16 p.m.7 views

UBUNTU-CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

7.8CVSS5.3AI score0.0062EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 12:0 a.m.9 views

UBUNTU-CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

7.5CVSS5.7AI score0.01047EPSS
Exploits0References4
OSV
OSV
added 2026/05/19 6:16 p.m.5 views

UBUNTU-CVE-2026-6009

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution RCE, potentially allowing code execution on the affected system...

8.7CVSS6.4AI score0.00476EPSS
Exploits0References2
OSV
OSV
added 2026/05/13 4:16 p.m.9 views

UBUNTU-CVE-2026-43483

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is deactivated Explicitly set/clear CR8 write interception when AVIC is deactivated to fix a bug where KVM leaves the interception enabled after AVIC is activated. E.g. if KVM...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References3
OSV
OSV
added 2026/05/04 5:16 p.m.4 views

UBUNTU-CVE-2026-37461

An out-of-bounds read in the ParseIP6Extended function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References5
OSV
OSV
added 2026/05/01 3:16 p.m.4 views

UBUNTU-CVE-2026-31765

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Change AMDGPUVARESERVEDTRAPSIZE to 64KB Currently, AMDGPUVARESERVEDTRAPSIZE is hardcoded to 8KB, while KFDCWSRTBATMASIZE is defined as 2 PAGESIZE. On systems with 4K pages, both values match 8KB, so allocation and...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References3
OSV
OSV
added 2026/05/01 3:16 p.m.6 views

UBUNTU-CVE-2026-43010

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject sleepable kprobemulti programs at attach time kprobe.multi programs run in atomic/RCU context and cannot sleep. However, bpfkprobemultilinkattach did not validate whether the program being attached had the sleepable...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References3
OSV
OSV
added 2026/04/30 7:16 a.m.6 views

UBUNTU-CVE-2026-5655

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service...

7.5CVSS5.8AI score0.00206EPSS
Exploits1References2
OSV
OSV
added 2026/04/28 8:16 a.m.4 views

UBUNTU-CVE-2026-41525

KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...

6.5CVSS5.8AI score0.00127EPSS
Exploits0References3
OSV
OSV
added 2026/04/24 3:16 a.m.7 views

UBUNTU-CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References2
OSV
OSV
added 2026/04/21 1:16 p.m.5 views

UBUNTU-CVE-2026-6784

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

7.5CVSS6AI score0.00302EPSS
Exploits0References3
OSV
OSV
added 2026/04/15 11:16 p.m.4 views

UBUNTU-CVE-2026-40179

Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without...

6.1CVSS6AI score0.0024EPSS
Exploits0References4
OSV
OSV
added 2026/04/06 7:16 p.m.3 views

UBUNTU-CVE-2026-33817

Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt...

6.2CVSS5.8AI score0.00012EPSS
Exploits0References5
OSV
OSV
added 2026/04/01 6:16 p.m.5 views

UBUNTU-CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

6.5CVSS5.7AI score0.00135EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 12:0 a.m.4 views

UBUNTU-CVE-2026-34085

fontconfig before 2.17.1 has an off-by-one error in allocation during...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References2
OSV
OSV
added 2026/03/17 8:16 p.m.4 views

UBUNTU-CVE-2026-4359

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver...

3.7CVSS5.8AI score0.00187EPSS
Exploits0References3
Rows per page
Query Builder