Lucene search
K

1365 matches found

RedHat Linux
RedHat Linux
added 2026/05/11 8:10 a.m.13 views

NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

8.8CVSS6AI score0.21621EPSS
Exploits0References5
CVE
CVE
added 2026/05/11 4:15 a.m.22 views

CVE-2026-8272

CVE-2026-8272 affects D-Link DNS-320 firmware 2.06B01 and targets the webfile_mgr.cgi component. The vulnerability arises from manipulation of file operations (delete/rename/copy/move/chmod/chown), enabling OS command injection via remote input. Publicly released exploit details exist, and exploi...

7.2CVSS5.6AI score0.05587EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 4:15 a.m.7 views

CVE-2026-8272 D-Link DNS-320 webfile_mgr.cgi chown os command injection

A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfilemgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public...

5.8CVSS5.6AI score0.05587EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.18 views

PT-2026-39571

A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile mgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public...

5.8CVSS5.6AI score0.05587EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.10 views

PT-2026-39899

Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions 1.3.0 through 2.28.1 Description An issue exists where an unescaped Project Name allows an attacker with manager or administrator access levels to inject HTML into the Move Attachments admin page. This lead...

8.6CVSS5.9AI score0.00298EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.23 views

D-Link DNS-320 命令注入漏洞

The D-Link DNS-320 is a NAS Network Attached Storage device produced by D-Link Corporation. The D-Link DNS-320 version 2.06B01 has a command injection vulnerability. This vulnerability arises from functions such as delete, rename, copy, move, chmod, and chown in the file/cgi-bin/webfilemgr.cgi,...

7.2CVSS5.8AI score0.05587EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39711

Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2 Description The bytecode VM's data stack tracks its allocation size using a signed integer. When the stack grows beyond approximately 1 GiB through deeply nested generator forks, the doubling arithmetic overflows. Th...

7.3CVSS5.8AI score0.00157EPSS
Exploits2References57
SUSE CVE
SUSE CVE
added 2026/05/09 2:41 a.m.9 views

SUSE CVE-2026-43188

In the Linux kernel, the following vulnerability has been resolved: ceph: do not propagate page array emplacement errors as batch errors When fscrypt is enabled, movedirtyfolioinpagearray may fail because it needs to allocate bounce buffers to store the encrypted versions of each folio. Each foli...

5.8AI score0.00126EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:21 p.m.10 views

CVE-2026-43421

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix netdevice lifecycle with devicemove The network device outlived its parent gadget device during disconnection, resulting in dangling sysfs links and null pointer dereference problems. A prior attempt to sol...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/05/08 2:21 p.m.23 views

CVE-2026-43421

The CVE affects the Linux kernel USB gadget for Network Control Model (NCM) where a net_device could outlive its parent gadget during disconnection, causing dangling sysfs links and potential null dereference. The root cause was lifecycle mismanagement of net_device during USB bind/unbind, addres...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2026/05/08 2:21 p.m.9 views

CVE-2026-43421

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix netdevice lifecycle with devicemove The network device outlived its parent gadget device during disconnection, resulting in dangling sysfs links and null pointer dereference problems. A prior attempt to sol...

5.5CVSS5.7AI score0.00123EPSS
Exploits0
NVD
NVD
added 2026/05/08 2:16 p.m.23 views

CVE-2026-43318

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpudmabufmovenotify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B will...

5.5CVSS0.00122EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/08 2:16 p.m.8 views

CVE-2026-43318

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpudmabufmovenotify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B will...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References6
OSV
OSV
added 2026/05/08 2:16 p.m.10 views

UBUNTU-CVE-2026-43318

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpudmabufmovenotify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B will...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/05/08 1:26 p.m.46 views

CVE-2026-43318 drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpudmabufmovenotify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B will...

0.00122EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:26 p.m.9 views

CVE-2026-43318

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpudmabufmovenotify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B will...

5.8AI score0.00122EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/08 1:26 p.m.26 views

CVE-2026-43318

The CVE-2026-43318 entry affects the Linux kernel’s drm/amdgpu component, specifically the amdgpu_dma_buf_move_notify path. A synchronization bug arises when a dmabuf is moved and the issuing process signals the move while another process has not yet updated its page table; the ticket-based handl...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/05/08 1:26 p.m.8 views

CVE-2026-43318

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpudmabufmovenotify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B will...

5.5CVSS5.8AI score0.00122EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-38969

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A synchronization bug exists in the amdgpu dma buf move notify function within the drm/amdgpu component. The issue occurs when a buffer object BO is moved by one process, requiring other...

5.5CVSS5.7AI score0.00122EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-39082

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the f ncm USB gadget driver allows a network device to outlive its parent gadget device during disconnection. This leads to dangling sysfs links and null pointer dereference...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References21
Rows per page
Query Builder