448 matches found
@antv/f-charts (=0.0.0), @antv/f2 (>=5.0.27 <=5.14.0) +7 more potentially affected by unknown CVE via @antv/f-lottie (=1.10.0)
@antv/f-lottie NPM version =1.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/f-lottie and may be impacted: - @antv/f-charts =0.0.0 - @antv/f2 =5.0.27, =5.0.0-alpha.1, =5.0.0-alpha.1, =5.0.1, =0.1.6, =0.9.5 Source cves: unknown CVE Source...
CVE-2026-8770 continuedev continue JSON-RPC Server lsTool.ts lsTool path traversal
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The...
PT-2026-41589
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The...
Schneider Electric多款产品 安全特征问题漏洞
Schneider Electric Easergy MiCOM Px40 Series are products of Schneider Electric, a French company. The Schneider Electric Easergy MiCOM Px40 Series consists of a series of power protection and control relay devices. The Schneider Electric Easergy MiCOM C264 is an industrial communication gateway...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fixed the DMA-API call trace for NVMe LS requests. The following message and call trace were observed with debug kernels: DMA-API: qla2xxx 0000:41:00.0: The device driver failed to check the map error device...
Linux Distros Unpatched Vulnerability : CVE-2026-28532
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013720)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013720 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests The following message and call trace wa...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011154)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011154 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests The following message and call trace wa...
Unity Linux 20.1070e Security Update: vsftpd (UTSA-2026-007077)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007077 advisory. A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote,...
Unity Linux 20.1070a Security Update: vsftpd (UTSA-2026-007108)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007108 advisory. A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote,...
CVE-2026-40030 parseusbs < 1.9 Command Injection via Volume Path Argument
parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument -v flag is passed unsanitized into an os.popen shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharacters. An attacker can...
PT-2026-31467
parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument -v flag is passed unsanitized into an os.popen shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharacters. An attacker can...
EUVD-2026-15366
In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport portstate before calling done callback In nvmefchandlelsrqstwork, the lsrsp-done callback is only set when remoteport-portstate is FCOBJSTATEONLINE. Otherwise, the nvmefcxmtlsrsp's LLDD call to...
CVE-2026-23376
In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport portstate before calling done callback In nvmefchandlelsrqstwork, the lsrsp-done callback is only set when remoteport-portstate is FCOBJSTATEONLINE. Otherwise, the nvmefcxmtlsrsp's LLDD call to...
UBUNTU-CVE-2026-23376
In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport portstate before calling done callback In nvmefchandlelsrqstwork, the lsrsp-done callback is only set when remoteport-portstate is FCOBJSTATEONLINE. Otherwise, the nvmefcxmtlsrsp's LLDD call to...
MAL-2026-1579 Malicious code in nf-cl-ls (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05a649ee3bcabdbceb5c56f4056dda77174867deaa1600f8a196792cc6c1356c The package nf-cl-ls was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in nf-cl-ls (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05a649ee3bcabdbceb5c56f4056dda77174867deaa1600f8a196792cc6c1356c The package nf-cl-ls was found to contain malicious code. Source: ossf-package-analysis...
vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing
A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...
Moderate: Red Hat Security Advisory: vsftpd security update
An update for vsftpd is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syste...
vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing
A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...