4557 matches found
CVE-2026-58015
A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to...
EUVD-2026-40318
A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to...
OX Appsuite - Cross-Site Scripting
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI). id: CVE-2020-24701 info: name: OX Appsuite - Cross-Site Scripting author: DhiyaneshDk severity: medium description: | OX App Suite through 7.10.4 allows XSS via the app loading mechanism the...
CVE-2026-48800
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...
EUVD-2026-39360
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing validation of DNSSEC records served by that server to fail...
CVE-2026-53091
The CVE-2026-53091 issue concerns the Linux kernel’s handling of GSO packet headers during qdisc_pkt_len_segs_init(). The root cause is that many ndo_start_xmit() paths assume headers are already in skb->head, while tso_build_hdr() may copy from skb->data, and qdisc_pkt_len_segs_init() diss...
CVE-2026-53024 greybus: raw: fix use-after-free if write is called after disconnect
In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free if write is called after disconnect If a user writes to the chardev after disconnect has been called, the kernel panics with the following trace with CONFIG_INIT_ON_FREE_DEFAULT_ON=y: BUG: kernel NULL...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.5.1.8)
The version of AOS installed on the remote host is prior to 7.5.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.5.1.8 advisory. - A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a deni...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: libceph: The state of sparse-read was reset in osd_fault. When a fault occurs, the connection is abandoned, re-established, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply using a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fixed the NULL domain on device release. In the kdump kernel, the IOMMU operates in deferred_attach mode. In this mode, info->domain may not yet be assigned by the time the release_device function is called. This leads t...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: SCTP: Use call_rcu to free endpoints This patch delays the endpoint freeing process by calling call_rcu, in order to address another use-after-free issue in sctp_sock_dump: BUG: KASAN: Use-after-free in __lock_acquire+0x36d9/0x4c20...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: Race conditions between subflow failures and additional subflow creations. We have race conditions similar to those addressed by the previous patch, between subflow failures and additional subflow creations. However, these...
Astra Linux – Vulnerability in edk2
EDK2 contains a vulnerability in the BIOS, where an attacker can cause a “Protection Mechanism Failure” through local access. Successful exploitation of this vulnerability will lead to the execution of arbitrary code, compromising Confidentiality, Integrity, and Availability...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: blk-mq: Fixed a possible memory leak when registering the ‘hctx’ variable failed. There is one issue that arises during fault injection tests: An unreferenced object with a size of 512 bytes: bash comm "insmod", pid 308021,...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fixed a memory leak in nfcmrvl_play_deferred. Similar to the handling of play_deferred in commit 19cfe912c37b “Bluetooth: btusb: Fixed a memory leak in play_deferred”, we thought a patch might be necessary here as well...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Validates the mech token during session setup. If a client sends an invalid mech token in a session setup request, ksmbd validates it and reports an error if the token is invalid...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmc: Fixed a memory leak in amd_pmc_stb_debugfs_open_v2. The function amd_pmc_stb_debugfs_open_v2 may be called when the STB debug mechanism is enabled. When amd_pmc_send_cmd fails, the ‘buf’ variable needs to be released...
Security Updates for Microsoft Office Products (June 2026) (macOS)
The version of Microsoft Office for Mac installed on the remote host is affected by multiple vulnerabilities as referenced in the june-16-2026 advisory. - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-44819, CVE-2026-44824,...
CVE-2026-12214 Qihoo 360 Total Security Nucleus Engine Monitoring Logic RpcStringBindingComposeW protection mechanism
A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack require...
SUSE SLES15 Security Update : memcached (SUSE-SU-2026:2293-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2293-1 advisory. This update for memcached fixes the following issues - CVE-2026-47783: timing side-channel in SASL password database authentication...