3542 matches found
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: gve: Defer the enabling of interrupts until NAPI registration. Currently, interrupts are automatically enabled immediately upon request. This allows interrupts to occur before the associated NAPI context is fully initialized,...
PT-2026-51979
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free flaw exists in the Berkeley Packet Filter (BPF) subsystem. The task vma iterator reads task-mm locklessly and acquires mmap read trylock without calling mmget. If a task...
PT-2026-52034
Name of the Vulnerable Software and Affected Versions: Warp versions 0.2021.04.25.23.05.stable 00 through 0.2026.05.06.15.42.stable 00. Description: Warp accepts state-mutating terminal lifecycle hooks from the PTY (pseudo-terminal) stream without verifying if the hooks were emitted by the shell...
CVE-2024-51454 IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities Host Header Injection observed
IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various...
CVE-2024-51454
Affected product: IBM Engineering Workflow Management (part of IBM Engineering Lifecycle Management). The vulnerability is a free-form HTTP header injection in HOST header parsing due to input validation weaknesses. Affected versions are 7.0.2 (with Interim Fix 035), 7.0.3 (IFix 017), and 7.1 (IF...
Important: Red Hat Security Advisory: webkitgtk4 security update
An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities Host Header Injection observed
Summary: Vulnerabilities have been identified in Host Header Injection, which is used in IBM Engineering Lifecycle Management - Engineering Workflow Management. Vulnerability Details: CVEID: CVE-2024-51454 DESCRIPTION: IBM Engineering Workflow Management is vulnerable to HTTP header injection, caused...
Astra Linux – Vulnerability in Chromium
The object lifecycle issue in V8 of Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: vhost_vdpa: The irq_bypass_unregister_producer function must correctly assign the token. Previously, we used irq_bypass_unregister_producer in vhost_vdpa_setup_vq_irq, which was problematic because we had no way of knowing whether the...
Astra Linux – Vulnerability in Chromium
In ANGLE of Google Chrome, before version 96.0.4664.110, there was an issue with the object lifecycle mechanism that allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Firefox and Thunderbird
During the worker lifecycle, a use-after-free condition could occur, which may lead to a potentially exploitable crash. This vulnerability affects Firefox 115.0.2, Firefox ESR 115.0.2, and Thunderbird 115.0.1...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: virtio-mmio: Do not break the lifecycle of vm_dev. vm_dev has a separate lifecycle because it has a struct device embedded within it. Therefore, having a release callback for it is correct. However, allocating the vm_dev structure...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fixed NULL pointer dereferencing in eth_get_drvinfo. The commit ec35c1969650 (“usb: gadget: f_ncm: Fixed netdevice lifecycle handling with device_move”) re-parents the gadget device to /sys/devices/virtual during...
EUVD-2026-37550
Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-12465
Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
Important: Red Hat Security Advisory: dovecot security update
An update for dovecot is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
CVE-2026-12465
CVE-2026-12465 affects Google Chrome Metrics: an Object lifecycle issue in Chrome prior to 149.0.7827.155 allows a renderer-compromised remote attacker to potentially escape the sandbox via a crafted HTML page. Patch: update to Chrome 149.0.7827.155 or newer. Exploitation details are not describe...