
1365 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in curl

An integer overflow vulnerability exists in the tool_operate.c file of curl 7.65.2, which can be exploited by using a large value as the retry delay. NOTE: Many reports indicate that this does not have a direct security impact on the curl user. However, it may in theory cause a denial of service t...

CVSS 3.3 | AI score 5.5 | EPSS 0.00359
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations. It seems that nothing limits the number of concurrent async COPY operations that clients can initiate. Additionally, AFAICT allows each async COPY to copy an unlimited...

CVSS 5.5 | AI score 6.1 | EPSS 0.00274
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

A missing delay in the timing of the pointer lock mechanism could have allowed a malicious page to trick users into granting permissions. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...

CVSS 5.5 | AI score 6.6 | EPSS 0.00609
Exploits: 1 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerability in Firefox and Thunderbird

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1...

CVSS 4.3 | AI score 6.6 | EPSS 0.00781
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerability in cups

OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connected to cupsd but sent very slow messages—for example, only one byte per second—could delay cupsd as a whole, rendering it unusable for other clients...

CVSS 5.5 | AI score 5.8 | EPSS 0.00195
Exploits: 1 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Avoid scheduling in rtas_os_term. It is unsafe to use rtas_busy_delay to handle a busy status from the IBM,os-term RTAS function in rtas_os_term: Kernel Panic – Not Syncing: Attempted to kill init! Exitcode = 0x0000000b...

CVSS 5.5 | AI score 5.7 | EPSS 0.00149
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/13 12:00 a.m. | 14 views

PT-2026-49092

Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.5. Description: The KVM/QEMU monitoring engine in the glances/plugins/vms/engines/virsh.py file fails to sanitize VM domain names retrieved from the virsh list --all output. These names are passed into f-string...

CVSS 7.8 | AI score 6.3 | EPSS 0.00213
Exploits: 0 | References: 6
NVD
added 2026/06/11 7:16 p.m. | 7 views

CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpb_cnt_minus1[i] (the loop index) instead of the sub-layer 0 CPB count cpb_cnt_minus1[0] from the referenced...

CVSS 6.5 | EPSS 0.00228
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/06/11 3:14 a.m. | 8 views

Malicious code in @403name/fsevent (npm)

Source: amazon-inspector (2f86ca4502cc824c3684e8f1e08b088b974b4339829461b50d45e3fbc6f808eb). On require, index.js runs an IIFE that gates to macOS, skips when CI or GITHUB_ACTIONS is set, waits 30-90 seconds, and writes a one-shot marker at...

AI score 5.9
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/11 12:00 a.m. | 12 views

PT-2026-48751

Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider = 18.0 versions...

CVSS 6.3 | AI score 5.1 | EPSS 0.00175
Exploits: 0 | References: 3
Positive Technologies
added 2026/06/11 12:00 a.m. | 12 views

PT-2026-48750

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

CVSS 8.1 | AI score 5.2 | EPSS 0.00322
Exploits: 0 | References: 3
RedhatCVE
added 2026/06/10 3:01 p.m. | 9 views

CVE-2026-42599

A flaw was found in Svelte. When an application uses spread syntax to render attributes from untrusted data, event handler properties are included in the generated HTML output. This allows a remote attacker to inject malicious event handlers that can execute in a victim's web browser, leading to...

CVSS 6.1 | AI score 5.4 | EPSS 0.00168
Exploits: 0 | References: 5
Packet Storm News
added 2026/06/09 12:00 a.m. | 12 views

Hiding the Trees in the Forest: Building Network Covert Channels with Hash-Based Covert Carrier Filtering

As an effective anti-censorship mechanism, network covert channels can provide data privacy protection and ensure communication security. However, the covertness of existing network covert channels primarily depends on the secrecy of their covert algorithms. With the increasing depth of research ...

AI score 5.4
Exploits: 0
RedhatCVE
added 2026/06/08 8:59 p.m. | 13 views

CVE-2026-45149

A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high...

CVSS 7.5 | AI score 6.9 | EPSS 0.00278
Exploits: 0 | References: 4
CVE
added 2026/06/08 3:46 p.m. | 27 views

CVE-2026-46293

In the Linux kernel, the clk: microchip: mpfs-ccc driver fixes an out-of-bounds access during output registration. UBSAN flagged a bound error when registering the last two outputs because the hws array only allocates space for two PLLs and four output dividers, while the defined IDs include two ...

AI score 5.4 | EPSS 0.00173
Exploits: 0 | References: 6
The Hacker News
added 2026/06/08 6:08 a.m. | 16 views

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats. "When automatic updates are enabled, new version...

AI score 5.3
Exploits: 0
RedHat Linux
added 2026/06/08 3:27 a.m. | 8 views

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect. There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK: nbd_genl_connect nbd_alloc_and_init_config // config_refs=1 nbd_start_device // config_refs=2 set NBD_RT_HAS_CONFIG_REF...

AI score 5.6 | EPSS 0.00165
Exploits: 0 | References: 5
RedhatCVE
added 2026/06/05 7:32 p.m. | 8 views

CVE-2026-45410

TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password comparison before...

CVSS 5.3 | AI score 5.5 | EPSS 0.00205
Exploits: 0 | References: 1
OSV
added 2026/06/05 3:18 p.m. | 7 views

JLSEC-2026-571

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

CVSS 6.5 | AI score 5.2 | EPSS 0.0032
Exploits: 1 | References: 2
OSV
added 2026/06/05 8:34 a.m. | 5 views

SUSE-SU-2026:22080-1 Security update for samba

This update for samba fixes the following issues.

Security issues:
- CVE-2026-1933: Missing access check on reparse point operations (bsc#1261188).
- CVE-2026-2340: vfs_worm does not block directory modification (bsc#1261158).
- CVE-2026-3012: group policy certificate enrollment uses http:// without...

CVSS 9.8 | AI score 5.6 | EPSS 0.12797
Exploits: 7 | References: 18