Lucene search
K

201 matches found

Ubuntu
Ubuntu
added 2026/07/05 11:1 p.m.11 views

USN-8504-1: SOGo vulnerabilities

It was discovered that SOGo did not properly sanitize categories used for events, tasks, and contacts. A remote authenticated attacker could possibly use this issue to perform cross-site scripting attacks. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu...

8.6CVSS6.5AI score0.00987EPSS
Exploits3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix for accessing freed irq affinityhint In stmmacrequestirqmultimsi, a pointer to the stack variable cpumask is passed to irqsetaffinityhint. This value is stored in irqdesc-affinityhint, but once...

5.5CVSS6.2AI score0.00168EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k: The affinity hint was cleared before calling ath11kpcicfreeirq in the error path. If a shared IRQ is used by the driver due to platform limitations, then the IRQ affinity hint is set correctly after the allocation o...

5.5CVSS5.9AI score0.00163EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 7:2 p.m.39 views

CVE-2026-27878

Grafana Tempo is affected by CVE-2026-27878 due to a TraceQL query that uses a large exemplars hint value, which can cause the Tempo instance to allocate excessive memory and crash (out-of-memory) for an authenticated user, enabling a denial of service. The public documents describe the issue and...

6.5CVSS5.9AI score0.00235EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/19 7:2 p.m.5 views

CVE-2026-27878 Tempo TraceQL query with exemplar hint could result in unbounded memory usage

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service...

6.5CVSS5.9AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 7:2 p.m.25 views

CVE-2026-27878 Tempo TraceQL query with exemplar hint could result in unbounded memory usage

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service...

6.5CVSS0.00235EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 7:2 p.m.3 views

CVE-2026-27878 Tempo TraceQL query with exemplar hint could result in unbounded memory usage

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service...

6.5CVSS6AI score0.00235EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/17 3:49 p.m.9 views

CVE-2026-46448

A flaw was found in OpenStack Nova. The server creation application programming interface API fails to remove specific hint data, leading to instances being created without proper Placement allocation. This can result in a denial of service, as resources may not be correctly assigned or managed f...

8.5CVSS4.8AI score0.00272EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/16 9:32 p.m.13 views

EUVD-2026-37218

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

5.4CVSS5.1AI score0.00272EPSS
Exploits1References4
NVD
NVD
added 2026/06/16 8:16 p.m.10 views

CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

8.5CVSS0.00272EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/06/16 12:0 a.m.9 views

CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

8.5CVSS5.3AI score0.00272EPSS
Exploits1
Cvelist
Cvelist
added 2026/06/16 12:0 a.m.26 views

CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

5.4CVSS0.00272EPSS
Exploits1References2
CVE
CVE
added 2026/06/16 12:0 a.m.21 views

CVE-2026-46448

OpenStack Nova before 33.0.2 is affected: the server create API does not strip internal _nova-prefixed scheduler hints, causing instances to be created without proper Placement allocation. This can enable resource misallocation and, in worst cases, denial of service through compute-node resource ...

8.5CVSS5.2AI score0.00272EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/06/16 12:0 a.m.2 views

CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

5.4CVSS5.9AI score0.00272EPSS
Exploits1References5
OSV
OSV
added 2026/06/16 12:0 a.m.8 views

UBUNTU-CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

8.5CVSS5.2AI score0.00272EPSS
Exploits1References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ipv4: Check for a NULL idev in iprouteusehint. The syzbot was able to trigger a NULL deref in fibvalidatesource in an old tree 1. It appears that this bug still exists in the latest trees. All calls to indevgetrcu must be...

5.5CVSS6.3AI score0.00214EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Resets queuepriorityhint when the queue is empty. Originally, with strict order execution, execution could only be completed when the queue was empty. Preempt-to-busy allows for the replacement of an active request...

5.5CVSS6.4AI score0.00269EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: enetc: An illegal access occurred when reading the affinityhint parameter. The irqsetaffinityhit function stores a reference to the cpumaskt parameter in the irqdescriptor. This reference can be accessed later from...

8.1CVSS5.7AI score0.00936EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 4:18 p.m.49 views

libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

5.8AI score
Exploits0References5Affected Software1
RustSec
RustSec
added 2026/05/05 12:0 p.m.10 views

Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

5.8AI score
Exploits0Affected Software1
Rows per page
Query Builder