357 matches found
Missing Release of Memory after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime due to improper cleanup of pooled direct-memory buffers in the RedisArrayAggregator function. An attacker can exhaust the JVM-wide direct-memory pool by repeatedly opening and closing...
EUVD-2026-36203
Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4...
Missing Release of Memory after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in the wand option parser when invalid arguments are provided. An attacker can cause increased memory consumption by supplying specially crafted input. Remediation A fix was pushed into...
Missing Release of Resource after Effective Lifetime
Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the handling of unsolicited global request responses, which can fill an internal buffer and block the connection's read loop...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the KASAN use-after-free issue in computeeffectiveprogs Syzbot identified a use-after-free bug in the computeeffectiveprogs function. The reproducer creates several BPF links, causing a failure in the injected allocati...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: bpf, cgroup: Fixed a kernel bug in purgeeffectiveprogs Syzkaller reported a triggered kernel bug as follows: ------------ cut here ------------ Kernel bug at kernel/bpf/cgroup.c:925! Invalid opcode: 0000 1 PREEMPT SMP NOPTI CP...
MAL-2026-3454 Malicious code in @squawk/types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3774c2374f8e3ab7673400940dfc50d0826239ac34fd2e1170c7ab4c48de6a7 The package @squawk/types was found to contain malicious code. Source: ghsa-malware 14506d7385d737662e11382d460e176a16e727348a5b09cf27325bfbd4566f83...
Missing Release of Resource after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime in the handling of TCP connections with ALLOWHALFCLOSURE enabled when a remote peer sends a FIN followed by a RST. An attacker can cause resource exhaustion or high CPU utilization by...
Astra Linux - Vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix invalid prog-stats access when updateeffectiveprogs fails Syzkaller triggers an invalid memory access issue following a fault injection in updateeffectiveprogs. The issue can be described as follows: cgroupbpfdetach...
CVE-2026-35370
The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes...
EUVD-2026-25019
The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleadi...
EUVD-2026-25018
The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes...
GHSA-53GR-WMF4-8HH3 uutils coreutils's User Interface (UI) Misrepresents Critical Information
The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleadi...
GHSA-Q94G-3GCF-66X7 uutils coreutils has an Incorrect Authorization issue
The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes...
uutils coreutils's User Interface (UI) Misrepresents Critical Information
The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleadi...
uutils coreutils has an Incorrect Authorization issue
The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes...
CVE-2026-35370
The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes...
CVE-2026-35371 uutils coreutils id Misleading Identity Reporting in Pretty Print Mode
The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleadi...
CVE-2026-35371
CVE-2026-35371 concerns the id utility in the uutils coreutils package. The vulnerability arises in the pretty print mode, where the tool incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This causes the output to misreport the i...
CVE-2026-35371 uutils coreutils id Misleading Identity Reporting in Pretty Print Mode
The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleadi...