Lucene search
K

14180 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the RDPSND async playback thread could process queued PDUs after the channel was closed and its internal state was freed, resulting in a use after free in rdpsndtreatwave. This vulnerability has been fixed i...

8.7CVSS5.3AI score0.00534EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed potential overflow of PCM transfer buffer The PCM stream data in the USB-audio driver is transferred via USB URB packet buffers, and the size of each packet is determined dynamically. The packet sizes are...

6AI score0.00222EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS6.1AI score0.00599EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 1:14 p.m.7 views

OESA-2026-2735 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and...

9.6CVSS6AI score0.00476EPSS
Exploits0References30
Rockylinux
Rockylinux
added 2026/06/24 12:0 p.m.33 views

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

9.8CVSS6.4AI score0.00353EPSS
Exploits11
OSV
OSV
added 2026/06/24 12:0 p.m.4 views

RLSA-2026:27353 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation CVE-2026-31488 kerne...

7.8CVSS5.9AI score0.00353EPSS
Exploits11References9
OSV
OSV
added 2026/06/24 8:56 a.m.5 views

SUSE-SU-2026:22351-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issue Update to Firefox 140.12.0 ESR MFSA 2026-58, bsc1268071: - CVE-2026-12289: Privilege escalation in the Graphics: WebRender component. - CVE-2026-12290: Memory safety bug fixed in Firefox ESR 140.12. - CVE-2026-12291: Use-after-free in the...

9.6CVSS5.8AI score0.00476EPSS
Exploits0References31
SUSE CVE
SUSE CVE
added 2026/06/24 2:34 a.m.6 views

SUSE CVE-2026-56109

The Advanced Linux Sound Architecture ALSA library before 1.2.16.1 contains a double-free vulnerability in parsedef in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parsedef...

6.8CVSS5.9AI score0.00138EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51858

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The USB MIDI 2.0 endpoint parser in the ALSA usb-audio component fails to validate bLength against the remaining bytes in the endpoint-extra scan before reading baAssoGrpTrmBlkID. This...

6AI score0.00175EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51857

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA usb-audio component where the snd usbmidi get ms info function fails to properly bound MIDI endpoint descriptor scans. While the function validates the intern...

5.9AI score0.00184EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-51946

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ASOC qcom qdsp6 topology component where the system fails to verify the widget type before accessing private data. This can occur when a virtual widget is not...

9.8CVSS6AI score0.0053EPSS
Exploits4References376
NVD
NVD
added 2026/06/22 11:16 p.m.10 views

CVE-2026-54233

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to 14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0...

6.5CVSS0.00243EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 10:10 p.m.30 views

CVE-2026-54233 vLLM: OOM Denial of Service via Audio Decompression Bomb

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to 14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0...

6.5CVSS0.00243EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 10:10 p.m.5 views

CVE-2026-54233

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to 14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/22 10:10 p.m.3 views

CVE-2026-54233 vLLM: OOM Denial of Service via Audio Decompression Bomb

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to 14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References4
CVE
CVE
added 2026/06/22 10:10 p.m.30 views

CVE-2026-54233

Affected software: vLLM (inference/serving engine). Vulnerability: decoding an audio file on the /v1/audio/transcriptions endpoint can cause extreme memory growth. A 25 MB OPUS upload decodes to about 14.9 GB of float32 PCM, because the audio decoder concatenates all frames in memory before retur...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 10:59 a.m.5 views

kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 4:36 a.m.9 views

firefox: thunderbird: Incorrect boundary conditions in the Web Audio component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Web Audio component...

8.1CVSS5.8AI score0.00398EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/22 4:5 a.m.9 views

firefox: thunderbird: Incorrect boundary conditions in the Web Audio component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Web Audio component...

8.1CVSS5.8AI score0.00398EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/22 3:17 a.m.6 views

firefox: thunderbird: Incorrect boundary conditions in the Web Audio component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Web Audio component...

8.1CVSS5.8AI score0.00398EPSS
Exploits0References6
Rows per page
Query Builder