Lucene search
K

3975 matches found

CVE
CVE
added 6 days ago10 views

CVE-2026-59874

node-tar is a Node.js tar archive library. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to loop on the same header and make no progress; this is fixed in version 7.5.18. Upgrade to 7.5.18 to remediate. Th...

8.7CVSS5.9AI score0.00358EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 6 days ago4 views

CVE-2026-59874

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18...

8.7CVSS5.9AI score0.00358EPSS
Exploits1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42306

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18...

8.7CVSS5.9AI score0.00358EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56494

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.18 Description The tar.replace function accepts a checksum-valid tar header containing a negative base-256 encoded entry size. This causes the archive scanner to enter a loop where it repeatedly parses the same...

8.7CVSS6.1AI score0.00358EPSS
Exploits1References7
Amazon
Amazon
added 2026/07/07 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: clear page-private in freepagesprepare CVE-2026-43303 In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpireadrawfromsgl CVE-2026-43492 In...

9.8CVSS6.3AI score0.00675EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/29 1:50 p.m.6 views

CVE-2026-53250

In the Linux kernel, the following vulnerability has been resolved: xsk: cache csumstart/csumoffset to fix TOCTOU in xskskbmetadata The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable by userspace. In xskskbmetadata, csumstart and csumoffset are read...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53250

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xsk: cache csumstart/csumoffset to fix TOCTOU in xskskbmetadata The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable...

7.8CVSS6.1AI score0.00112EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/26 2:8 a.m.6 views

SUSE CVE-2026-53250

In the Linux kernel, the following vulnerability has been resolved: xsk: cache csumstart/csumoffset to fix TOCTOU in xskskbmetadata The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable by userspace. In xskskbmetadata, csumstart and csumoffset are read...

7.8CVSS5.9AI score0.00112EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 9:21 p.m.17 views

CVE-2026-53009

A flaw was found in the Linux kernel's ice network driver. An error in the driver's handling of network packet transmission, specifically when icetso or icetxcsum functions fail, can lead to a double-free of a network buffer skb. This occurs because a transmit buffer txbuf may still point to an...

7.8CVSS6.1AI score0.00123EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53250

In the Linux kernel, the following vulnerability has been resolved: xsk: cache csumstart/csumoffset to fix TOCTOU in xskskbmetadata The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable by userspace. In xskskbmetadata, csumstart and csumoffset are read...

7.8CVSS0.00112EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 9:16 a.m.5 views

UBUNTU-CVE-2026-53250

In the Linux kernel, the following vulnerability has been resolved: xsk: cache csumstart/csumoffset to fix TOCTOU in xskskbmetadata The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable by userspace. In xskskbmetadata, csumstart and csumoffset are read...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.5 views

CVE-2026-53250

In the Linux kernel, the following vulnerability has been resolved: xsk: cache csumstart/csumoffset to fix TOCTOU in xskskbmetadata The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable by userspace. In xskskbmetadata, csumstart and csumoffset are read...

7.8CVSS5.8AI score0.00112EPSS
Exploits0
CVE
CVE
added 2026/06/25 8:39 a.m.18 views

CVE-2026-53250

CVE-2026-53250 : In the Linux kernel, the xsk_skb_metadata() path is vulnerable to a TOCTOU race in which csum_start and csum_offset are read from shared UMEM and then read again for skb assignment. A malicious userspace process can overwrite values between reads, bypassing bounds checks and caus...

7.8CVSS5.9AI score0.00112EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.5 views

CVE-2026-53250

In the Linux kernel, the following vulnerability has been resolved: xsk: cache csumstart/csumoffset to fix TOCTOU in xskskbmetadata The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable by userspace. In xskskbmetadata, csumstart and csumoffset are read...

5.9AI score0.00112EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.28 views

CVE-2026-53250 xsk: cache csum_start/csum_offset to fix TOCTOU in xsk_skb_metadata()

In the Linux kernel, the following vulnerability has been resolved: xsk: cache csumstart/csumoffset to fix TOCTOU in xskskbmetadata The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable by userspace. In xskskbmetadata, csumstart and csumoffset are read...

7.8CVSS0.00112EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 8:39 a.m.3 views

CVE-2026-53250 xsk: cache csum_start/csum_offset to fix TOCTOU in xsk_skb_metadata()

In the Linux kernel, the following vulnerability has been resolved: xsk: cache csumstart/csumoffset to fix TOCTOU in xskskbmetadata The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable by userspace. In xskskbmetadata, csumstart and csumoffset are read...

7.8CVSS5.9AI score0.00112EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.5 views

PT-2026-52345

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Time-of-Check to Time-of-Use TOCTOU issue exists in the xsk skb metadata function. The TX metadata area is located in the UMEM buffer, which is memory-mapped and can be written to by...

7.8CVSS6.1AI score0.00112EPSS
Exploits0References16
EUVD
EUVD
added 2026/06/10 12:37 p.m.12 views

EUVD-2026-36006

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...

4.6CVSS5.6AI score0.00185EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.9 views

CVE-2026-42501

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...

7.5CVSS5.6AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41126

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds...

4.3CVSS5.5AI score0.00231EPSS
Exploits0References1
Rows per page
Query Builder