90 matches found
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: A buffer overflow has been fixed in the liootargetnaclinfoshow function. The function liootargetnaclinfoshow uses sprintf within a loop to print details for each iSCSI connection in a session, without checkin...
EUVD-2026-37177
In lwisdeviceexternaleventemit of lwisevent.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
PT-2026-49801
In lwis device external event emit of lwis event.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
Malicious code in events-runtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aac4806dc5c887c91db1f2570abcae5b98d62dfae36bea2ddb9e2449efd62eca Package name and description impersonate the popular events package Node's event emitter for all engines. The vendored events.js adds an undocumented...
CVE-2026-8336
After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...
Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands
After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...
CVE-2026-8336
CVE-2026-8336 describes a post-authentication use-after-free in MongoDB Server related to $_internalJsEmit and mapreduce map function usage. According to the provided documents, when an authenticated user invokes these elements (with server-side JavaScript engine features such as $where, $functio...
CVE-2026-8336 Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands
After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...
CVE-2026-8336 Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands
After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...
PT-2026-34392
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the SPI subsystem. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device lock. This...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006988)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006988 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow The function...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006700)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006700 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow The function...
CVE-2026-0708
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...
CVE-2026-0708
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...
CVE-2026-0708
CVE-2026-0708 (Libucl) describes a denial-of-service in libucl caused by a crafted UCL input containing a key with an embedded null byte. This can trigger a segmentation fault in ucl_object_emit during parsing/emitting, leading to DoS on affected systems. The CVSS base score is 8.3 ( HIGH ) with ...
CVE-2026-0708 Libucl: libucl: denial of service via embedded null byte in ucl input
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...
libucl 安全漏洞
Libucl is a C-language general configuration library parser developed by Vsevolod Stakhov. Libucl has a security vulnerability. This vulnerability arises from the uclobjectemit function during parsing and emitting UCL inputs containing embedded null-byte keys, which may lead to a denial-of-servic...
PT-2026-25869
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the ucl object emit function when parsing and emitting the...
EUVD-2025-206734
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Emit Information and Communication Technologies Industry and Trade Ltd. Co. Efficiency Management System allows SQL Injection.This issue affects Efficiency Management System: through 03022026. NOTE...
CVE-2025-5319
CVE-2025-5319 affects Emit Informatics’ DIGITA Efficiency Management System (DIGITA EMS). Multiple connected sources describe an improper neutralization of special elements in SQL commands (SQL injection) as the root cause, with the DIGITA EMS affected through 03022026. The NVD/Red Hat records co...