Lucene search
K

6137 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fixed a stack buffer overflow issue during the parsing of the OnAssocReq IE. The length of the Supported Rates IE from an incoming Association Request frame was directly used as the length for the memcpy...

6.9AI score0.00198EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105tabledeleteentry There are actually 2 problems: 1. Deleting the last element does not require moving elements. In fact, the element at position i+1 is out of bounds. 2...

7.1CVSS6.1AI score0.00172EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 8:16 a.m.2 views

UBUNTU-CVE-2026-52920

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy matching needs to consume info-pol in the same forward order as the rule...

8.3CVSS5.6AI score0.00299EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52097

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Description The ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. While the LinkSpan component utilizes sanitizeUrl t...

4.4CVSS6AI score0.00118EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/23 8:53 p.m.7 views

EUVD-2026-38593

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating th...

8.1CVSS5.8AI score0.00677EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/23 8:53 p.m.4 views

CVE-2026-54513 jackson-databind: Array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating th...

8.1CVSS5.8AI score0.00677EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-50556

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

8.6CVSS6AI score0.00228EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 6:16 p.m.11 views

CVE-2026-50556

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS0.00228EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/22 3:18 p.m.6 views

EUVD-2026-38261

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component...

5.3CVSS6AI score0.00238EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 4:36 p.m.4 views

GHSA-WJV4-X9W8-WM3H Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type

Summary Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage collection or finalization, leading to an invalid memory read or potentially a segfault. Nokogiri...

6.3CVSS5.9AI score
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fixed an integer overflow in aie2queryctxstatusarray. The unpublished smatch static checker reported a warning. In drivers/accel/amdxdna/aie2pci.c, line 904 of aie2queryctxstatusarray: Warning: Potential...

6.6AI score0.00152EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the vhost-vsock device of QEMU. In the event of an error, an invalid element was not detached from the virtqueue before freeing its memory, resulting in memory leakage and other unexpected issues. This issue affects QEMU versions up to 6.2.0...

3.2CVSS6.1AI score0.00391EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Firefox

The SVG element could have been used to load unexpected content that might execute scripts under certain circumstances. Although the specification appears to allow this, other browsers do not do so. Web developers relied on this property for script security, so Gecko’s implementation was aligned...

8.8CVSS7.2AI score0.00548EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in WebKit2GTK

A use-after-free vulnerability exists in the SVG implementation in Blink, as used in Google Chrome before version 35.0.1916.114. This vulnerability allows remote attackers to cause a denial of service or potentially cause unspecified other impacts through vectors that trigger the removal of an...

7.5CVSS7.2AI score0.01667EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.14 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetrbtree: fixed a null dereference issue when inserting elements There is no guarantee that rbprev will not return NULL in nftrbtreegcelem: General protection fault, likely due to an non-canonical address...

5.5CVSS5.8AI score0.00132EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A issue was discovered in the Linux kernel before version 6.0.11. A missing offset validation in the driver/net/wireless/microchip/wilc1000/hif.c file within the WILC1000 wireless driver can lead to an out-of-bounds read during the parsing of a Robust Security Network RSN information element from...

7.1CVSS6.7AI score0.00307EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: mISDN: a possible memory leak in mISDNdspelementregister has been fixed. After committing 1fa5ae857bb1 "driver core: get rid of struct device’s busid string array", the name of the device is allocated dynamically. Use putdevic...

5.5CVSS6.3AI score0.00166EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in OpenLDAP

A flaw was discovered in OpenLDAP before version 2.4.57. This flaw led to an assertion failure in slapd during the X.509 DN parsing in the decode.c file, specifically at the bernextelement function. This caused a denial of service...

7.5CVSS6.9AI score0.1229EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Fixed a potential VPE leak upon error. In itsvpeirqdomainalloc, when itsvpeinit returns an error, there is an off-by-one issue with the number of VPEs that need to be freed. This issue was fixed by simply...

5.5CVSS5.2AI score0.00251EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in expat

In Expat also known as libexpat, before version 2.4.5, an attacker could trigger stack exhaustion in buildmodel by using a large nesting depth in the DTD element...

6.5CVSS6.6AI score0.03268EPSS
Exploits0References2
Rows per page
Query Builder