Lucene search
K

16791 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: This issue prevents infinite loops that occur when the next valid value is the same. When processing the valid field within the range valid : pos, if the valid value cannot be retrieved correctly—for example, if the...

5.5CVSS5.7AI score0.00156EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/buddy: This issue is prevented by validating the rounded allocation size. When DRMBUDDYCONTIGUOUSALLOCATION is set, the requested size is rounded up to the next power of two using rounduppowoftwo. Similarly, for non-contiguou...

5.5CVSS5.7AI score0.00127EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS5.8AI score0.00366EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a reference count leak when an invalid session is found during session lookup. When a session is found, but its state is not SMB2SESSIONVALID, it indicates that no valid session was found. However, the reference coun...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed potential overflow of PCM transfer buffer The PCM stream data in the USB-audio driver is transferred via USB URB packet buffers, and the size of each packet is determined dynamically. The packet sizes are...

6AI score0.00214EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Limit numsyncs to prevent oversized allocations. The OA open parameters did not validate numsyncs, allowing userspace to pass arbitrarily large values, potentially leading to excessive allocations. A check was added to...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Tracing: The WARNON message in tracingbuffersmmapclose has been fixed for split VMA instances. When a VMA is split e.g., through partial munmap or MAPFIXED, the kernel calls vmops-close on each portion of the VMA. For trace buffe...

6AI score0.00169EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: The error code in mchpeicdomainalloc has been fixed. If irqdomaintranslatetwocell sets “hwirq” to = MCHPEICNIRQ 2, it may lead to an out-of-bounds access. The code checks for invalid values, but does not set the...

6.1AI score0.00161EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 1:16 p.m.11 views

CVE-2026-56370

ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of...

7.8CVSS0.00121EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 1:10 p.m.5 views

OESA-2026-2699 libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: A flaw was found in libsoup. The HTTP/2 server in libsoup may not...

8.6CVSS6.9AI score0.00947EPSS
Exploits1References7
OSV
OSV
added 2026/06/24 11:55 a.m.2 views

SUSE-SU-2026:2622-1 Security update for libheif

This update for libheif fixes the following issues Update to 1.23.0: - CVE-2025-68431: heap buffer over-read in HeifPixelImage: overlay via crafted HEIF that exercises the overlay image item bsc1255735. - CVE-2026-3950: manipulation of the component stsz/stts can lead to out-of-bounds read...

8.8CVSS6.1AI score0.00514EPSS
Exploits6References45
Cvelist
Cvelist
added 2026/06/24 11:53 a.m.37 views

CVE-2026-56370 ImageMagick - Out-of-bounds Access in ConnectedComponentsImage via connected-components Artifact

ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of...

4.8CVSS0.00121EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 9:3 a.m.1 views

SUSE-SU-2026:2617-1 Security update for bind

This update for bind fixes the following issues: - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-5946: Invalid handling of CLASS != IN bsc1265594...

7.5CVSS5.8AI score0.0181EPSS
Exploits0References7
OSV
OSV
added 2026/06/24 9:3 a.m.2 views

SUSE-SU-2026:2616-1 Security update for bind

This update for bind fixes the following issues: - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-5946: Invalid handling of CLASS != IN bsc1265594...

7.5CVSS5.8AI score0.0181EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/24 7:54 a.m.4 views

openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without prope...

7.5CVSS7.3AI score0.00981EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 7:14 a.m.7 views

EUVD-2026-38720

In the Linux kernel, the following vulnerability has been resolved: sctp: diag: reject stale associations in dumpone path The SCTP exact sockdiag lookup can hold a transport reference, block on locksocksk, and then resume after sctpassociationfree has marked the association dead and freed its bin...

5.7AI score0.00126EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.15 views

RHEL 9 : openssl-fips-provider (RHSA-2026:28832)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28832 advisory. This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification. Security Fixes: openssl: openssl:...

7.5CVSS7.4AI score0.00981EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 1:16 p.m.13 views

CVE-2026-56762

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie, serialize, and serializeSigned functions, allowing invalid characters such as control characters e.g. \r or \n when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie...

6.9CVSS0.00247EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/23 7:29 a.m.4 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.1AI score0.02995EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.8 views

Ubuntu 26.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8461-1)

The remote Ubuntu 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8461-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. ...

8.8CVSS7.1AI score0.93235EPSS
Exploits57References19
Rows per page
Query Builder