Lucene search
K

1649 matches found

CVE
CVE
added 2026/06/24 4:30 p.m.10 views

CVE-2026-53123

The CVE relates to the Linux kernel md subsystem during raid456 reshape. If a direct IO operation crosses the reshape boundary, raid5_make_request() can sleep while an active_io reference is held. If userspace freezes reshape and triggers mddev_suspend(), the code kills active_io and waits for in...

5.7AI score0.00171EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: The IOWQBITEXIT check is performed within the work run loop. Currently, this check is performed before executing the pending tasks. Normally, this works fine, as the tasks either end up blocking other processes or...

5.5CVSS5.8AI score0.00115EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: A overflow issue was identified in IOMMUTESTOPADDRESERVED. syzkaller discovered that this could lead to an overflow in the test infrastructure and cause a WARN message by corrupting the reserved interval tree...

7.8CVSS5.8AI score0.00182EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52018

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ublk component where the per-IO canceled flag may remain set if a ublk server dies after issuing some, but not all, fetch commands during device recovery. Because...

6AI score0.00145EPSS
Exploits0References14
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fixed a crash that occurred due to stale SRB accesses during I/O timeouts. Ensured that the SRB is returned during the escalation of an I/O timeout error. If this is not possible, the escalation path is failed...

5.5CVSS6.2AI score0.00208EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Tomcat9

The simplified implementation of blocking reads and writes introduced in Tomcat 10, and backported to Tomcat 9.0.47 and later versions, exposed a long-standing but extremely difficult to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60, and...

3.7CVSS6.7AI score0.01912EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: iio: accel: sca3300: fixed uninitialized iio scan data Fixed the potential leakage of uninitialized stack data into the user space by ensuring that the channels array is cleared before use...

5.5CVSS6AI score0.00128EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: fixed a memory leak in iiodeviceregistereventset When iiodeviceregistersysfsgroup returns an error, iiodeviceregistereventset must free the attrs array. Otherwise, kmemleak will detect and report a memory leak as follows:...

5.9AI score0.00195EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fixed invalid page access after closing deferred I/O devices When a fbdev with deferred I/O is opened and then closed, the dirty pages still remain in the pageref list. Eventually, those pages may be processed during the...

7.8CVSS6AI score0.00245EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: Reworked the handling of scratch space for READPLUS again. I found that the read code might send multiple requests using the same nfspgioheader. However, the nfs4procreadsetup function is only called once. As a result, w...

5.5CVSS6AI score0.00176EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 2:17 p.m.3 views

ALPINE-CVE-2026-42487

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

7.9CVSS5.8AI score0.00095EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 10:17 p.m.25 views

CVE-2026-54533 vantage6 node has an Improper Access Control issue

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms input and output files. Version 5.0.0 fixes the issue. As a workaround, verify and restrict the algorithm containers that are allowed to...

6.9CVSS0.00285EPSS
Exploits0References4
CVE
CVE
added 2026/06/17 9:5 p.m.23 views

CVE-2026-8049

The CVE-2026-8049 issue affects SignalRGB’s Windows kernel driver, SignalIo.sys, in versions prior to 1.3.7.0. The device object (.SignalIo) is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN, resulting in overly permissive default access. This permits any...

5.3CVSS5.3AI score0.00087EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.18 views

PT-2026-49095

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description The XML-RPC server implemented in glances/server.py and started with glances -s fails to validate the HTTP Host header. This allows a DNS rebinding attack, where an attacker can bypass the same-origi...

5.3CVSS5.8AI score0.00156EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.12 views

Xen: x86 HVM I/O Port List Traversal (XSA-491)

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

7.9CVSS5.8AI score0.00095EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/11 11:46 a.m.10 views

kernel: iommu: disable SVA when CONFIG_X86 is set

A security vulnerability was found in the Linux kernel's IOMMU Shared Virtual Addressing SVA implementation on x86 architecture. When SVA is enabled, the IOMMU caches kernel page table entries. Since the kernel lacks a mechanism to notify the IOMMU when kernel page table pages are freed and...

7.8CVSS5.5AI score0.00145EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.13 views

CVE-2026-45782

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....

8.9CVSS5.6AI score0.00138EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.16 views

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-2336)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : iommu/sva: invalidate stale IOTLB entries for kernel address spaceCVE-2025-71202 iommu: disable SVA when CONFIGX86 is setCVE-2025-71089 tls: Fix...

9.8CVSS6.7AI score0.96267EPSS
Exploits232References84
NVD
NVD
added 2026/06/09 6:16 p.m.15 views

CVE-2025-54509

Improper access control for register interface in the input-output memory management unit IOMMU could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor ASP potentially resulting in loss of integrity...

4CVSS0.00127EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 5:22 p.m.20 views

CVE-2025-54509

CVE-2025-54509 describes improper access control for the IOMMU register interface, potentially allowing a privileged attacker using the AMD secure processor (ASP) to cause non-coherent accesses and induce loss of integrity. The vulnerability stems from access control weaknesses in the IOMMU regis...

4CVSS5.5AI score0.00127EPSS
Exploits0References1
Rows per page
Query Builder