120 matches found
Astra Linux - уязвимость в apache2
An integer overflow occurs when attempting to renew an ACME certificate. After several attempts approximately 30 days under default configurations, the backoff timer becomes 0. Subsequent attempts to renew the certificate are repeated without delay until success is achieved. This issue affects th...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fixed the issue of locking the global state without backoff. We need to acquire the lock after the early return in the !hwpipe case. Otherwise, we might encounter contention but still return 0. This fix addresses an...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net: ena: Fixed an out-of-bounds shift in the exponential backoff mechanism. The ENA adapters on our instances occasionally reset. Recently, a UBSAN failure was logged on the console during this process: UBSAN: Out-of-bounds shif...
CVE-2026-41485
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...
CVE-2026-41485 Kyverno Controller Denial of Service via forEach Mutation Panic
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011076)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011076 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ena: fix shift-out-of-bounds in exponential backoff The ENA adapters on our instances...
CVE-2026-34219
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled...
CVE-2026-34219
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled...
CVE-2026-34219
CVE-2026-34219 affects libp2p-rust’s libp2p-gossipsub: prior to 0.49.4, Gossipsub’s backoff expiry handling can overflow when adding Slack to an Instant, after a crafted PRUNE with attacker-controlled backoff. This remotely reachable panic is triggered in heartbeat processing and is exploitable o...
CVE-2026-34219 libp2p-gossipsub: Gossipsub PRUNE Backoff Heartbeat Instant Overflow
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled...
CVE-2026-34219 libp2p-gossipsub: Gossipsub PRUNE Backoff Heartbeat Instant Overflow
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled...
CVE-2026-34219
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled...
GHSA-XQMP-FXGV-XVQ5 libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling
Description Summary The Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled, near-maximum backoff value, the value is accepted and stored as an Instant near the...
libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling
Description Summary The Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled, near-maximum backoff value, the value is accepted and stored as an Instant near the...
PT-2026-29063
Name of the Vulnerable Software and Affected Versions libp2p-rust versions prior to 0.49.4 Description The libp2p-rust Gossipsub implementation has a flaw where a crafted PRUNE control message with a near-maximum backoff value can cause a panic due to unchecked Instant + Duration arithmetic durin...
CVE-2026-33040
libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE contr...
macOS 14.x < 14.8.5 Multiple Vulnerabilities (126796)
The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.8.5. It is, therefore, affected by multiple vulnerabilities: - A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A...
Linux Distros Unpatched Vulnerability : CVE-2026-33040
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts...
SUSE CVE-2026-33022
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or...
CVE-2026-33022
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or...