8414 matches found
CVE-2026-9136
CVE-2026-9136 affects the ShadowAttribute proposal creation workflow in MISP. An add action accepted client-supplied ShadowAttribute data without stripping the id field, allowing an authenticated user to supply the identifier of an existing ShadowAttribute and cause an update instead of creating ...
CVE-2026-9136 Unauthorized ShadowAttribute modification in MISP via client-supplied identifier
A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...
CVE-2026-20171
A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service (DoS) condition...
CVE-2026-20171
CVE-2026-20171 affects Cisco Nexus 3000 and Nexus 9000 Series switches in standalone NX-OS mode. The vulnerability lies in the BGP enforce-first-as feature, due to incorrect parsing of a transitive BGP attribute. An unauthenticated, remote attacker could send a crafted BGP update to trigger BGP p...
CVE-2026-20171 Cisco Nexus 3000 and 9000 Series Border Gateway Protocol Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service (DoS) condition...
Cross-site Scripting (XSS)
Overview: symfony/html-sanitizer provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via incomplete URL attribute validation in UrlAttributeSanitizer. An attacke...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview: drupal/core is an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes due to Improperly Controlled Modification of...
CVE-2026-8467
Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler in 'Elixir.PhoenixStorybook.Story.PlaygroundPreviewLive':handle_event/3...
CVE-2026-8467 Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler in 'Elixir.PhoenixStorybook.Story.PlaygroundPreviewLive':handle_event/3...
CVE-2026-8467
PHOENIX_STORYBOOK contains a code-injection vulnerability (CVE-2026-8467) that allows unauthenticated remote code execution via HEEx template injection. An attacker can supply arbitrary attribute names/values to the psb-assign WebSocket handler; unescaped attribute values are interpolated into HE...
glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string function when processing malicious file or remote filesystem attribute values...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: net/sched: sch_taprio: fixed possible use-after-free issue. syzbot reported a serious crash [1] in net_tx_action(), which made no sense until we received a reproduction example. This reproduction example reinstalls the taprio qdisc,...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Added an overflow check for attribute size. The offset addition could cause an overflow, potentially passing the used size check when parsing MFT attributes with very large sizes e.g., 0xffffff7f. This could lead to...
Astra Linux - vulnerability in linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed a NULL dereference bug. The issue arises when this function is called from ntfs_load_attr_list(). The value of “size” is calculated as le32_to_cpu(attr->res.data_size). On 64-bit systems, this does not cause an overflow, but...
Astra Linux - vulnerability in 389-ds-base
A heap overflow flaw was discovered in 389-ds-base. This issue causes a denial of service when writing a value larger than 256 characters in log_entry_attr...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: cpufreq: amd-pstate: fixed the global sysfs attribute type. In commit 3666062b87ec “cpufreq: amd-pstate: moved to use bus_get_dev_root()”, the “amd_pstate” attributes were moved from a dedicated kobject to the cpu root kobject. While...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-sysman: Fixed reference leak issue. If a duplicate attribute is found using kset_find_obj(), a reference to that attribute is returned. This means that we need to handle this situation appropriately. In such cases,...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: hp-bioscfg: Fixed warnings regarding empty attribute names in kobjects. The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes...
Astra Linux - vulnerability in ansible
A flaw was discovered in Ansible Engine, affecting versions 2.7.x before 2.7.17, 2.8.x before 2.8.11, and 2.9.x before 2.9.7. It also affects Ansible Tower in versions 3.4.5 and 3.5.5, as well as 3.6.3, when the ldap_attr and ldap_entry community modules are used. This issue exposes the LDAP bind...
Astra Linux - vulnerability in wireshark
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This issue was addressed in epan/dissectors/packet-btatt.c by validating opcodes...