Lucene search
K

124 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fixed the issue where global state locks were locked backoff. We need to acquire the lock after the early return in the !hwpipe case. Otherwise, we might encounter contention but still return 0. This fix addresses a...

5.5CVSS5.5AI score0.00154EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Apache2

An integer overflow occurs when attempting to renew an ACME certificate. After several attempts approximately 30 days under default configurations, the backoff timer becomes 0. Subsequent attempts to renew the certificate are repeated without delay until success is achieved. This issue affects th...

7.5CVSS7.2AI score0.00402EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: ena: Fixed an out-of-bounds shift in the exponential backoff mechanism. The ENA adapters on our instances occasionally reset. Recently, a UBSAN failure was logged on the console during this process: UBSAN: Out-of-bounds shif...

7.1CVSS5.9AI score0.00149EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 11:49 p.m.32 views

CVE-2026-41727 In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior

Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retrytopic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify where the...

6.5CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:49 p.m.25 views

CVE-2026-41727

Summary: Spring for Apache Kafka’s retry topic infrastructure does not adequately validate user-controlled header values, allowing a crafted retry_topic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify a message’s position in the retry sequen...

6.5CVSS5.5AI score0.0024EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 11:49 p.m.8 views

CVE-2026-41727 In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior

Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retrytopic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify where the...

6.5CVSS5.5AI score0.0024EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.8 views

CVE-2026-41727: In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior

Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retrytopic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify where the...

6.5CVSS5.2AI score0.0024EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/24 4:16 a.m.5 views

CVE-2026-41485

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...

7.7CVSS0.00369EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/24 3:27 a.m.7 views

CVE-2026-41485 Kyverno Controller Denial of Service via forEach Mutation Panic

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...

7.7CVSS5.2AI score0.00369EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011076)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011076 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ena: fix shift-out-of-bounds in exponential backoff The ENA adapters on our instances...

7.1CVSS6.3AI score0.00149EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/01 5:3 p.m.5 views

CVE-2026-34219

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References1
NVD
NVD
added 2026/03/31 4:16 p.m.5 views

CVE-2026-34219

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled...

8.2CVSS0.00332EPSS
Exploits1References1
CVE
CVE
added 2026/03/31 3:47 p.m.14 views

CVE-2026-34219

CVE-2026-34219 affects libp2p-rust’s libp2p-gossipsub: prior to 0.49.4, Gossipsub’s backoff expiry handling can overflow when adding Slack to an Instant, after a crafted PRUNE with attacker-controlled backoff. This remotely reachable panic is triggered in heartbeat processing and is exploitable o...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/03/31 3:47 p.m.26 views

CVE-2026-34219 libp2p-gossipsub: Gossipsub PRUNE Backoff Heartbeat Instant Overflow

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled...

8.2CVSS0.00332EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/31 3:47 p.m.2 views

CVE-2026-34219 libp2p-gossipsub: Gossipsub PRUNE Backoff Heartbeat Instant Overflow

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/31 3:47 p.m.7 views

CVE-2026-34219

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 1:4 p.m.8 views

libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling

Description Summary The Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled, near-maximum backoff value, the value is accepted and stored as an Instant near the...

8.2CVSS5.9AI score0.00332EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/30 1:4 p.m.3 views

GHSA-XQMP-FXGV-XVQ5 libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling

Description Summary The Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled, near-maximum backoff value, the value is accepted and stored as an Instant near the...

8.2CVSS5.9AI score0.00332EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.10 views

PT-2026-29063

Name of the Vulnerable Software and Affected Versions libp2p-rust versions prior to 0.49.4 Description The libp2p-rust Gossipsub implementation has a flaw where a crafted PRUNE control message with a near-maximum backoff value can cause a panic due to unchecked Instant + Duration arithmetic durin...

8.7CVSS6AI score0.00473EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.6 views

CVE-2026-33040

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE contr...

8.7CVSS5.7AI score0.00473EPSS
Exploits0References1
Rows per page
Query Builder