Lucene search
+L

5145 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-51904

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2 open during durable reconnect In smb2 open, the call to ksmbd put durable fdfp drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs...

9.8CVSS5.7AI score0.00435EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-51890

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak exists in the ksmbd component of the Linux kernel during the durable v2 open process. When the parse durable handle context function handles a DURABLE REQ V2 request, it...

5.5CVSS5.9AI score0.00135EPSS
Exploits0References18
OSV
OSV
added 2026/06/23 5:12 p.m.7 views

GHSA-XP79-5MX3-JX52 Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new goroutine without enforcing any read/write deadlines on the underlyin...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/23 5:12 p.m.13 views

Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new goroutine without enforcing any read/write deadlines on the underlyin...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51632

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description The built-in Go SSH server in Gogs is subject to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to the ssh.NewServerConn...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References10
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: ignore interrupt if no descriptor If the channel has no descriptor and the interrupt is raised, then the kernel will make a mistake. Check the result of vchannextdesc in the handler axichanblockxfercomplet...

5.5CVSS6AI score0.00157EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: mt76: fixed the crash in monitor mode with the sdio driver. The mt7921s driver may receive frames with fragment buffers. If a CTS packet is received in monitor mode, the payload is only 10 bytes, and 6 bytes of header padding ...

5.5CVSS6.6AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 12:32 a.m.15 views

EUVD-2026-37803

In SignalRGB versions prior to 1.3.7.0, the \.\SignalIo device object is created without an explicit SDDL security descriptor and without FILEDEVICESECUREOPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issu...

5.3AI score0.00087EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 10:16 p.m.14 views

CVE-2026-8049

In SignalRGB versions prior to 1.3.7.0, the \.\SignalIo device object is created without an explicit SDDL security descriptor and without FILEDEVICESECUREOPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issu...

5.3CVSS0.00087EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:5 p.m.24 views

CVE-2026-8049 CVE-2026-8049

In SignalRGB versions prior to 1.3.7.0, the \.\SignalIo device object is created without an explicit SDDL security descriptor and without FILEDEVICESECUREOPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issu...

0.00087EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:5 p.m.29 views

CVE-2026-8049

The CVE-2026-8049 issue affects SignalRGB’s Windows kernel driver, SignalIo.sys, in versions prior to 1.3.7.0. The device object (.SignalIo) is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN, resulting in overly permissive default access. This permits any...

5.3CVSS5.3AI score0.00087EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2025-210153

A segmentation violation in the TrackSetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS5.2AI score0.00188EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/06/15 8:13 p.m.14 views

protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

Summary A previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static output from crafted JSON descriptor input. The common case of parsing schemas fro...

8.2CVSS5.9AI score0.00228EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/15 2:36 p.m.10 views

CVE-2026-50633

A flaw was found in Apache CXF's JCA integration module. This Java Naming and Directory Interface JNDI Injection vulnerability allows for arbitrary code execution. A remote attacker could exploit this by manipulating the Java EE Connector Architecture JCA deployment descriptor ra.xml or runtime...

8.1CVSS5.7AI score0.0083EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.10 views

CVE-2026-45536

A flaw was found in Netty, a network application framework. A local attacker could exploit a vulnerability in the nettyunixsocketrecvFd function when handling SCMRIGHTS messages in Epoll or KQueue DomainSocketChannel with DomainSocketReadMode.FILEDESCRIPTORS enabled. Incorrect handling of file...

4CVSS5.2AI score0.00136EPSS
Exploits0References6
CVE
CVE
added 2026/06/15 12:0 a.m.17 views

CVE-2025-55663

GPAC MP4Box v2.4 is affected by a vulnerability in Track_SetStreamDescriptor (isomedia/track.c) where a malformed MP4 file can trigger a segmentation fault, leading to Denial of Service. The issue is caused by a segmentation violation inside Track_SetStreamDescriptor, enabling DoS via crafted inp...

5.5CVSS5.2AI score0.00188EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.33 views

CVE-2025-55663

A segmentation violation in the TrackSetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00188EPSS
Exploits1References1
OSV
OSV
added 2026/06/15 12:0 a.m.5 views

CVE-2025-55663

A segmentation violation in the TrackSetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS5.9AI score0.00188EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/06/12 9:36 p.m.3 views

go.opentelemetry.io/otel: go.opentelemetry.io/otel/schema/v1.0: go.opentelemetry.io/otel/schema/v1.1: OpenTelemetry-Go: Denial of Service due to file descriptor leak

A flaw was found in OpenTelemetry-Go before schema package version 0.0.17. ParseFile in go.opentelemetry.io/otel/schema/v1.0 and v1.1 opens a schema file and passes it to Parse without closing it, leaking one file descriptor per successful call. Repeated parsing in a long-running process can...

5.5CVSS6AI score0.00168EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/06/12 2:12 p.m.10 views

CVE-2026-45536 Netty: Unix-socket fd receive leaks descriptors when peer sends two at once

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, nettyunixsocketrecvFd sets msgcontrol to char controlCMSGSPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCMRIGHTS cmsg carrying two ints has...

4CVSS5.2AI score0.00136EPSS
Exploits0References3
Rows per page
Query Builder