348 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset the dql stats during a NONFATAL reset. All ibmvnic resets should instead call netdevtxresetqueue when reopening the device. netdevtxresetqueue resets the numqueued and numcompleted byte counters. These stats...
CVE-2026-41311
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in % layout % / % block % causes an infinite recursive loop, consuming all available memory 4GB and crashing the Node.js process with FATAL ERROR: JavaScript he...
GHSA-44QJ-CGHF-9P97 free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)
Summary free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware same root cause as free5gc/free5gc887. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into UpNodesFromConfiguration, which calls...
GHSA-RXRQ-FV76-26PR free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
Summary free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications, the notifier calls NnefPFDmanagementNotify... and on any delivery error invokes logger.PFDManageLog.Fatalerr, which is os.Exit1-equivalent in Go...
free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
Summary free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications, the notifier calls NnefPFDmanagementNotify... and on any delivery error invokes logger.PFDManageLog.Fatalerr, which is os.Exit1-equivalent in Go...
CLSA-2026-1778148827 nghttp2: Fix of CVE-2023-35945
CVE-2023-35945: fix memory leak in nghttp2sessionmemsendinternal when onstreamclosecallback returns a fatal error during send-failure handling...
CVE-2026-41931 Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler
Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...
CLSA-2026-1777940187 sudo: Fix of CVE-2026-35535
CVE-2026-35535: make privilege drop failure fatal before running the mailer...
CLSA-2026-1777939719 sudo: Fix of CVE-2026-35535
CVE-2026-35535: make privilege drop failure fatal before running the mailer...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: igc: don't fail igcprobe on LED setup error When igcledsetup fails, igcprobe fails and triggers kernel panic in freenetdev since unregisternetdev is not called. 1 This behavior can be tested using fault-injection framework,...
CVE-2026-1528
ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0...
SUSE CVE-2026-26018
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable...
GHSA-H75P-J8XM-M278 CoreDNS Loop Detection Denial of Service Vulnerability
Executive Summary A Denial of Service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator PRNG for generating a secret...
EUVD-2026-10043
CoreDNS Loop Detection Denial of Service Vulnerability...
CoreDNS Loop Detection Denial of Service Vulnerability
Executive Summary A Denial of Service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator PRNG for generating a secret...
CVE-2026-26018
CoreDNS prior to version 1.14.2 contains a DoS in the loop-detection plugin due to a predictable PRNG used for a secret query name and a fatal error handler that terminates the process. The issue can crash the DNS server when processing specially crafted DNS queries and is classified with CVSS v3...
CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable...
CVE-2026-26018
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable...
CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable...
PT-2026-23722
Name of the Vulnerable Software and Affected Versions CoreDNS versions prior to 1.14.2 Description CoreDNS is a DNS server that utilizes chained plugins. A denial of service condition exists in the loop detection plugin due to a predictable pseudo-random number generator PRNG used for generating ...