Lucene search
+L

102 matches found

RedhatCVE
RedhatCVE
added 2026/07/03 2:25 a.m.13 views

CVE-2026-54430

A flaw was found in liboauth2 in the oauth2josejwksawsalbresolve function. The AWS ALB JWT verifier reads the signer and kid fields from the unverified JWT header. When signer matches the configured ARN, kid is appended to the ALB base URL without path sanitization, and an HTTP GET request is...

5.8CVSS5.8AI score0.00121EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 11:16 a.m.12 views

CVE-2026-54430

liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...

5.1CVSS0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 11:16 a.m.4 views

UBUNTU-CVE-2026-54430

liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...

5.1CVSS5.9AI score0.00121EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 10:30 a.m.5 views

CVE-2026-54430 Server-Site Request Forgery in liboauth2

liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...

5.1CVSS5.9AI score0.00121EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 8:17 p.m.9 views

CVE-2026-13763

Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This iss...

9.8CVSS0.00473EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 11:55 a.m.6 views

SUSE-SU-2026:2630-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed wo...

9.8CVSS7AI score0.0055EPSS
Exploits8References63
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: Bonding: alb: fixed a UAF in rlbarprecv during bond up/down. The ALB RX path may access rxhashtbl concurrently with bond teardown. During rapid bond up/down cycles, rlbdeinitialize frees rxhashtbl while RX handlers are still...

7.8CVSS6.4AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 8:40 a.m.14 views

SUSE-SU-2026:2331-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables bsc1261700. - CVE-2026-31629: nfc: llcp: add missing return after LLCPCLOSED checks...

9.8CVSS5.6AI score0.00563EPSS
Exploits32References27
SUSE CVE
SUSE CVE
added 2026/05/28 3:55 a.m.11 views

SUSE CVE-2026-45970

In the Linux kernel, the following vulnerability has been resolved: bonding: alb: fix UAF in rlbarprecv during bond up/down The ALB RX path may access rxhashtbl concurrently with bond teardown. During rapid bond up/down cycles, rlbdeinitialize frees rxhashtbl while RX handlers are still running,...

7CVSS5.7AI score0.00126EPSS
Exploits0References67
NVD
NVD
added 2026/05/27 2:17 p.m.12 views

CVE-2026-45970

In the Linux kernel, the following vulnerability has been resolved: bonding: alb: fix UAF in rlbarprecv during bond up/down The ALB RX path may access rxhashtbl concurrently with bond teardown. During rapid bond up/down cycles, rlbdeinitialize frees rxhashtbl while RX handlers are still running,...

7.8CVSS0.00126EPSS
Exploits0References8
OSV
OSV
added 2026/05/27 2:17 p.m.13 views

UBUNTU-CVE-2026-45970

In the Linux kernel, the following vulnerability has been resolved: bonding: alb: fix UAF in rlbarprecv during bond up/down The ALB RX path may access rxhashtbl concurrently with bond teardown. During rapid bond up/down cycles, rlbdeinitialize frees rxhashtbl while RX handlers are still running,...

7.8CVSS5.7AI score0.00126EPSS
Exploits0References11
OSV
OSV
added 2026/05/27 12:18 p.m.2 views

CVE-2026-45970 bonding: alb: fix UAF in rlb_arp_recv during bond up/down

In the Linux kernel, the following vulnerability has been resolved: bonding: alb: fix UAF in rlbarprecv during bond up/down The ALB RX path may access rxhashtbl concurrently with bond teardown. During rapid bond up/down cycles, rlbdeinitialize frees rxhashtbl while RX handlers are still running,...

7.8CVSS6.3AI score0.00126EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Linux 5.10

A vulnerability was discovered in the Linux kernel and is classified as problematic. The affected component is the function rlbarpxmit in the file drivers/net/bonding/bondalb.c of the IPsec module. This vulnerability causes a memory leak. It is recommended that a patch be applied to address this...

3.5CVSS5.1AI score0.00248EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013311)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013311 advisory. A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlbarpxmit of the file drivers/net/bonding/bondalb.c ...

3.5CVSS4.8AI score0.00248EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/03/12 2:50 p.m.7 views

@backstage/plugin-auth-backend (>=0.0.0-nightly-20240122021809 <=0.22.11), @backstage/plugin-auth-backend-module-aws-alb-provider (>=0.0.0-nightly-20240126021148 <=0.4.14-next.1) +7 more potentially affected by CVE-2026-32235 via @backstage/plugin-auth-backend (>=0.0.0-nightly-20240929023448 <=0.27.1-next.2)

@backstage/plugin-auth-backend NPM version =0.0.0-nightly-20240929023448, =0.0.0-nightly-20240122021809, =0.0.0-nightly-20240126021148, =0.0.0-nightly-20240122021809, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =1.0.0, =1.2.0 -...

5.9CVSS5.8AI score0.00139EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-4584

Malicious code in bioql PyPI...

8.2CVSS6.3AI score0.00321EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in alb-um-availa-ble-zip-mp3-file-central-market-ilx22-uynmjv (npm)

The package alb-um-availa-ble-zip-mp3-file-central-market-ilx22-uynmjv was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in file-alb-um-zip-new-mp3-56040-vengeance-9f1kt-wcbqbj (npm)

The package file-alb-um-zip-new-mp3-56040-vengeance-9f1kt-wcbqbj was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.6 views

Malicious code in availab-le-alb-um-zip-aw-cmon-7vtid-fqzrrj (npm)

The package availab-le-alb-um-zip-aw-cmon-7vtid-fqzrrj was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in availab-le-alb-um-zip-26952-slain-by-yatsura-3pr31-aqtxea (npm)

The package availab-le-alb-um-zip-26952-slain-by-yatsura-3pr31-aqtxea was found to contain malicious code...

7AI score
Exploits0
Rows per page
Query Builder