Lucene search
K

1078 matches found

RedHat Linux
RedHat Linux
added 2026/05/05 10:35 a.m.5 views

corosync: Corosync: Denial of Service via integer overflow in join message validation

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol UDP packets. This can cause the service to crash, leading to a denial of service. This vulnerability...

7.5CVSS5.8AI score0.00994EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/05 10:22 a.m.8 views

corosync: Corosync: Denial of Service via integer overflow in join message validation

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol UDP packets. This can cause the service to crash, leading to a denial of service. This vulnerability...

7.5CVSS5.8AI score0.00994EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/05 9:31 a.m.12 views

Moderate: Red Hat Security Advisory: corosync security update

An update for corosync is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

8.2CVSS5.9AI score0.00994EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2026/05/05 9:31 a.m.9 views

corosync: Corosync: Denial of Service via integer overflow in join message validation

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol UDP packets. This can cause the service to crash, leading to a denial of service. This vulnerability...

7.5CVSS5.8AI score0.00994EPSS
Exploits1References5
OSV
OSV
added 2026/05/05 12:0 a.m.9 views

ALSA-2026:13673 Moderate: corosync security update

The corosync packages provide the Corosync Cluster Engine and C APIs for AlmaLinux cluster software. Security Fixes: corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via integer overflow in join message...

8.2CVSS5.9AI score0.00994EPSS
Exploits2References6
OSV
OSV
added 2026/05/05 12:0 a.m.6 views

ALSA-2026:13644 Moderate: corosync security update

The corosync packages provide the Corosync Cluster Engine and C APIs for AlmaLinux cluster software. Security Fixes: corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via integer overflow in join message...

8.2CVSS5.9AI score0.00994EPSS
Exploits2References6
OSV
OSV
added 2026/05/05 12:0 a.m.8 views

ALSA-2026:13657 Moderate: corosync security update

The corosync packages provide the Corosync Cluster Engine and C APIs for AlmaLinux cluster software. Security Fixes: corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via integer overflow in join message...

8.2CVSS5.9AI score0.00994EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.9 views

RHEL 8 : corosync (RHSA-2026:13657)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13657 advisory. The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fixes: corosyn...

8.2CVSS5.9AI score0.00994EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.11 views

RHEL 10 : corosync (RHSA-2026:13644)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13644 advisory. The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fixes:...

8.2CVSS5.9AI score0.00994EPSS
Exploits2References7
AlmaLinux
AlmaLinux
added 2026/05/05 12:0 a.m.13 views

Moderate: corosync security update

The corosync packages provide the Corosync Cluster Engine and C APIs for AlmaLinux cluster software. Security Fixes: corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via integer overflow in join message...

8.2CVSS5.9AI score0.00994EPSS
Exploits2References6
AlmaLinux
AlmaLinux
added 2026/05/05 12:0 a.m.13 views

Moderate: corosync security update

The corosync packages provide the Corosync Cluster Engine and C APIs for AlmaLinux cluster software. Security Fixes: corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via integer overflow in join message...

8.2CVSS5.9AI score0.00994EPSS
Exploits2References6
Snyk
Snyk
added 2026/05/04 8:11 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the JoinWorkflowSpec process. An attacker can gain unauthorized access to host networking, override service account assignments, modify pod security contexts, add tolerations, or enable service account token...

8.6CVSS5.5AI score0.00424EPSS
Exploits2References2
Snyk
Snyk
added 2026/05/04 8:11 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the JoinWorkflowSpec process. An attacker can gain unauthorized access to host networking, override service account assignments, modify pod security contexts, add tolerations, or enable service account token...

8.6CVSS5.8AI score0.00424EPSS
Exploits2References2
Snyk
Snyk
added 2026/05/04 8:11 p.m.9 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the JoinWorkflowSpec process. An attacker can gain unauthorized access to host networking, override service account assignments, modify pod security contexts, add tolerations, or enable service account token...

8.6CVSS5.8AI score0.00424EPSS
Exploits2References2
Snyk
Snyk
added 2026/05/04 8:11 p.m.13 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the JoinWorkflowSpec process. An attacker can gain unauthorized access to host networking, override service account assignments, modify pod security contexts, add tolerations, or enable service account token...

8.6CVSS5.8AI score0.00424EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:47 p.m.7 views

Security Bulletin:Werkzeug Safe Join Function Vulnerability: Path Segments with Windows Device Names Prior to Version 3.1.4

Summary Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safejoin function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory...

6.3CVSS5.9AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:46 p.m.8 views

Security Bulletin:Safe Join Function Vulnerability Fixed in Werkzeug v3.1.6

Summary Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fac...

6.3CVSS5.7AI score0.00556EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/05/02 5:17 p.m.7 views

CLSA-2026-1777742234 corosync: Fix of 2 CVEs

CVE-2026-35091: fix incorrect return value in checkmembcommittokensanity allowing DoS via crafted membcommittoken packet - CVE-2026-35092: fix integer overflow in checkmembjoinsanity allowing bypass of length validation via crafted membjoin packet...

8.2CVSS5.9AI score0.00994EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2026/05/01 6:31 p.m.18 views

MixPHP Framework has an SQL injection vulnerability

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.8 views

PT-2026-36891

Name of the Vulnerable Software and Affected Versions Note Mark versions prior to 0.19.3 Description An issue exists where notes and uploaded assets remain accessible after a public book is soft-deleted. Unauthenticated users with the note ID or slug path can access data via the endpoints...

5.3CVSS5.8AI score0.00194EPSS
Exploits0References9
Rows per page
Query Builder