Lucene search
K

1204 matches found

Github Security Blog
Github Security Blog
added 2 days ago6 views

Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service

Summary NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a DataUpload message without an upper-bound check. Although the DRPC wire limit is 4 MiB, the FileSize value itself was unconstrained Impact An authenticated user able to...

6.5CVSS6AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-56077

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description An authorization bypass exists in the devcontainer recreate endpoint. The endpoint relied on route...

5.4CVSS6AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-56067

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description An issue exists where the PUT /api/v2/users/user/password endpoint only authorized the ActionUpdatePersona...

7.2CVSS6AI score
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-550 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation

Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...

9.8CVSS6.7AI score0.00831EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 12:0 a.m.3 views

ALSA-2026:33092 Moderate: glibc security, bug fix, and enhancement update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

9.8CVSS5.8AI score0.00451EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

Oracle Linux 8 : postgresql:12 (ELSA-2026-28999)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-28999 advisory. - Add backport of CVE-2025-8714 Orabug: 38667546 - Fix CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 - Backport CVE-2025-8715 - Fix backport for...

8.8CVSS5.9AI score0.89472EPSS
Exploits14References3
OSV
OSV
added 2026/06/24 12:5 p.m.3 views

RLSA-2026:26566 Important: xorg-x11-server-Xwayland security, bug fix, and enhancement update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch CVE-2026-50256 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server:...

7.8CVSS6.1AI score0.00165EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/06/22 4:35 a.m.13 views

Critical: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8CVSS5.9AI score0.00563EPSS
Exploits4References7
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: flowdissector: Use DEBUGNETWARNONONCE. The following issue is easy to reproduce both upstream and in the -stable kernels. Florian Westphal provided the following commit: d1dab4f71d37 “net: add and use skbgethashsymmetricnet"...

5.5CVSS6.1AI score0.0021EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: TX zerocopy should not access the pfmemalloc status. We received a recent syzbot report 1 indicating a possible misuse of the page status in TCP zerocopy paths. Indeed, for pages originating from user space or other layers,...

7CVSS5.7AI score0.00192EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Xen

A issue was discovered in Xen through version 4.11.x, allowing users of x86 Intel HVM guest operating systems to obtain unintended read/write DMA access. This could potentially lead to a denial of service causing the host operating system to crash or result in privilege escalation. This issue...

7.8CVSS7.2AI score0.00356EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed an issue in verifying allowptrleaks. After we changed the capabilities of our networking-bpf program from capsysadmin to capnetadmin+capbpf, our networking-bpf program failed to start. This was because it failed the bp...

5.7AI score0.00168EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 12:3 a.m.6 views

RLSA-2026:26610 Important: xorg-x11-server security, bug fix, and enhancement update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution du...

7.8CVSS5.7AI score0.00165EPSS
Exploits0References10
Rockylinux
Rockylinux
added 2026/06/19 12:1 a.m.6 views

xorg-x11-server security, bug fix, and enhancement update

An update is available for xorg-x11-server. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list X.Org is an open-source implementation of the X Window System. It...

7.8CVSS5.8AI score0.00165EPSS
Exploits0
Rockylinux
Rockylinux
added 2026/06/19 12:1 a.m.6 views

xorg-x11-server-Xwayland security, bug fix, and enhancement update

An update is available for xorg-x11-server-Xwayland. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Xwayland is an X server for running X clients under Wayland...

7.8CVSS5.8AI score0.00165EPSS
Exploits0
Oracle linux
Oracle linux
added 2026/06/18 12:0 a.m.7 views

openssl security update

1:1.1.1k-16 - Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify Resolves: RHEL-180978 - Fix CVE-2024-4741: Use After Free with SSLfreebuffers Resolves: RHEL-180983 1:1.1.1k-15 - Fix CVE-2025-69419: Arbitrary code execution due to out-of-bounds write in PKCS12 processing...

8.8CVSS5.8AI score0.05582EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.12 views

Debian dla-4628 : linux-base - security update

The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dla-4628 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4628-1 [email protected] https://www.debian.org/lts/security/ B...

5.4AI score
Exploits0References2
Debian
Debian
added 2026/06/12 10:23 a.m.11 views

[SECURITY] [DLA 4628-1] linux-base update

Debian LTS Advisory DLA-4628-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings June 12, 2026 https://wiki.debian.org/LTS Package : linux-base Version : 4.12.1deb12u1 The linux-base package has been updated to support installation of a backport of Linux 6.12. For...

5.4AI score
Exploits0
Debian
Debian
added 2026/06/12 10:22 a.m.8 views

[SECURITY] [DLA 4627-1] kernel-wedge update

Debian LTS Advisory DLA-4627-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings June 12, 2026 https://wiki.debian.org/LTS Package : kernel-wedge Version : 2.106deb12u1 The kernel-wedge package has been updated to support building a backport of Linux 6.12. For Debian ...

5.4AI score
Exploits0
OSV
OSV
added 2026/06/09 7:6 p.m.6 views

SUSE-SU-2026:2327-1 Security update for go1.26

This update for go1.26 fixes the following issues Update to go1.26.4 bsc1255111: - CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. - CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader bsc1267442. - CVE-2026-42507: net/textproto: arbitrary input are...

7.5CVSS5.7AI score0.00904EPSS
Exploits0References8
Rows per page
Query Builder