Lucene search
K

13150 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.1 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nfsd: Cancel nfsdshrinkerwork using sync mode in nfs4stateshutdownnet In the normal case, when we execute echo 0 /proc/fs/nfsd/threads, the function nfs4statedestroynet in nfs4stateshutdownnet will release all resources related t...

7.8CVSS6.4AI score0.00233EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in avahi

In Avahi, including versions 0.6.32 and 0.7, avahi-daemon inadvertently responds to IPv6 unicast queries with source addresses that are not on-link. This allows remote attackers to cause a denial of service traffic amplification and may lead to information leakage by extracting potentially...

9.1CVSS6.9AI score0.03082EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: NFSD: Protection against send buffer overflow in NFSv2 READDIR. The previous limit on the @count argument has been restored to prevent buffer overflow attacks...

7.8CVSS5.6AI score0.0017EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in sssd

A flaw was discovered in SSSD, where the sssctl command was vulnerable to shell command injection through the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into executing a specially crafted sssctl command, such as using sudo, in order to gain root...

9.3CVSS6.6AI score0.02524EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fixed an UAF in svctcplistendataready After the listener svcsock is freed, and before invoking svctcpaccept for the established child sock, there is a window during which the newsock may retain a freed listener svcsock in...

7.8CVSS6.3AI score0.00215EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in avahi

A vulnerability was discovered in the avahi library. This flaw allows a non-privileged user to make a dbus call, causing the avahi daemon to crash...

5.5CVSS6.3AI score0.00392EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in PCS

A flaw was discovered in the Pacemaker configuration tool pcs. The pcs daemon allowed expired accounts, as well as accounts with expired passwords, to log in when using PAM authentication. As a result, unprivileged expired accounts that had been denied access could still log in...

8.8CVSS7.1AI score0.01825EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in libvirt

A flaw was discovered in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, leading to a race condition and a denial of service when attempting to lock the same object from another thread. This issue could cause clients connecting to the read-only socket ...

6.5CVSS6.6AI score0.00621EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 5.15

A issue was discovered in the Linux kernel before version 6.3.8. The file fs/smb/server/smb2pdu.c in ksmbd contains an integer underflow and an out-of-bounds read during the deassemblenegcontexts function...

9.8CVSS6.7AI score0.01129EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb: server: Fixed a leak in activenumconn when there is a failure in transport allocation. The commit 77ffbcac4e56 “smb: server: fixed the leak in activenumconn in ksmbdtcpnewconnection” addresses the failure path in kthreadrun...

7.5CVSS5.8AI score0.00549EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: It is required that 3 sub-authorities are present before reading subauth2. The function parsedacl compares each ACE SID against sidunixNFSmode. When a match is found, sid.subauth2 is read as the file mode. If sidunixNFSmod...

8.6CVSS5.7AI score0.00366EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/19 6:31 a.m.5 views

Canonical MicroCeph: path traversal issue in the remote-import AP

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/19 6:31 a.m.3 views

GHSA-XG3J-C7Q4-F9PH Canonical MicroCeph: path traversal issue in the remote-import AP

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 6:17 a.m.12 views

CVE-2026-10720

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 4:57 a.m.29 views

CVE-2026-10720 MicroCeph path traversal issue in the remote-import API

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS0.00208EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:57 a.m.6 views

CVE-2026-10720

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/19 4:57 a.m.9 views

EUVD-2026-37990

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/19 1:10 a.m.9 views

[SECURITY] Fedora 43 Update: perl-HTTP-Daemon-6.17-1.fc43

Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. The HTTP::Daemon is a subclass of IO::Socket::IP, so you can perform socket operations directly on it too...

9.1CVSS5.2AI score0.01231EPSS
Exploits0
Fedora
Fedora
added 2026/06/19 1:1 a.m.8 views

[SECURITY] Fedora 44 Update: perl-HTTP-Daemon-6.17-1.fc44

Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. The HTTP::Daemon is a subclass of IO::Socket::IP, so you can perform socket operations directly on it too...

9.1CVSS5.2AI score0.01231EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50835

Name of the Vulnerable Software and Affected Versions Canonical MicroCeph versions from the squid and tentacle track Description A path traversal issue exists in the remote-import API. Users possessing a join token or a trusted cluster mTLS certificate, such as enrolled cluster members, can...

5CVSS5.9AI score0.00208EPSS
Exploits0References13
Rows per page
Query Builder