Lucene search
K

189 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mrp: Introduced active flags to prevent UAF when the applicant uninit occurs. The caller of deltimersync must prevent the timer from restarting. If we don’t have this synchronization, there is a small probability that the...

5.6AI score0.00196EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: fixed possible store tearing in neighperiodicwork. While reviewing a related syzbot report involving neighperiodicwork, I discovered that I forgot to add an annotation when deleting an RCU-protected item from a list. When...

5.5CVSS6.2AI score0.0023EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fixed a situation where a hard lockup occurs in the virtual machine after prolonged inactivity, due to the periodic HV timer. When advancing the expiration of the guest’s APIC timer in periodic mode, set the expiration ...

5.5CVSS5.5AI score0.00095EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: A soft lockup was avoided in kmemleakdocleanup. A soft lockup warning was observed on a relatively small x86-64 system with 16 GB of memory when running a debug kernel with kmemleak enabled. Watchdog: BUG: Soft locku...

5.5CVSS6.5AI score0.00159EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: rtc: Check whether the rtcreadtime call was successful in rtctimerdowork. If the rtcreadtime call fails, the struct rtctime tm; structure may contain uninitialized data, or an illegal date/time reading from the RTC hardware may...

5.5CVSS6.1AI score0.00227EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 9:42 p.m.10 views

MAL-2026-5489 Malicious code in bittensor-emission-tracker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca5db94f9840938f43eca692c1176b72bbd94a2f86a694c3293853f39b886a2f The package advertises Bittensor subnet burn-rate monitoring but ships a Cython-compiled darwin.so core.cpython-310-darwin.so containing an...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 6:21 p.m.14 views

Malicious code in ai-spellcheckers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 205425d7a8407b8bed958a99660e2ec74e21f9b0e1427659529636347333c5c9 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

6AI score
Exploits0References3
EUVD
EUVD
added 2026/05/08 3:31 p.m.12 views

EUVD-2026-28562

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevent RCU stalls in kasanreleasevmallocnode When CONFIGPAGEOWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large...

5.8AI score0.00122EPSS
Exploits0References5
NVD
NVD
added 2026/05/08 2:16 p.m.18 views

CVE-2026-43292

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevent RCU stalls in kasanreleasevmallocnode When CONFIGPAGEOWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large...

5.5CVSS0.00122EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:11 p.m.9 views

CVE-2026-43292

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevent RCU stalls in kasanreleasevmallocnode When CONFIGPAGEOWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large...

5.7AI score0.00122EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/08 1:11 p.m.23 views

CVE-2026-43292

The CVE-2026-43292 issue affects the Linux kernel mm/vmalloc path when CONFIG_PAGE_OWNER is enabled. During vmalloc cleanup, freeing KASAN shadow pages can trigger stack unwinding under an RCU read lock, and processing a large purge_list (kasan_release_vmalloc_node) may cause long RCU stalls (10+...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/08 1:11 p.m.36 views

CVE-2026-43292 mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevent RCU stalls in kasanreleasevmallocnode When CONFIGPAGEOWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large...

0.00122EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-38934

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description When CONFIG PAGE OWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large purge list withou...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References18
OSV
OSV
added 2026/04/14 9:21 a.m.5 views

MAL-2026-2826 Malicious code in dom-utils-lite (npm)

dom-utils-lite and centralogger, with identical payloads. On npm install, a postinstall hook fetches the attacker’s SSH public key from a Supabase storage bucket, appends it to /.ssh/authorizedkeys, harvests the victim’s IP, username, and hostname, then uploads that metadata to the same Supabase...

5.7AI score
Exploits0References1
Qualys Blog
Qualys Blog
added 2026/04/09 4:10 p.m.17 views

Scaling Modern AppSec: Moving from Static Profiles to AI-Powered Scan Optimization

Key Highlights The Scale Challenge: As application portfolios grow and release cycles accelerate, traditional scanning models create a forced trade-off between coverage, cost, and velocity – leading to silent gaps that only surface during audits or incidents. The AI Solution: AI-powered scan...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/17 4:17 p.m.9 views

Next.js: Unbounded next/image disk cache growth can exhaust storage

Summary The default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. Impact An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. Note that this does not impa...

7.5CVSS5.8AI score0.00683EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/02/14 4:27 p.m.7 views

EUVD-2026-5836

In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi-rxrings. The sequence was: 1. iceptpprepareforreset cancels PTP work 2...

5.2AI score0.00106EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.6 views

PT-2026-7433

Name of the Vulnerable Software and Affected Versions MongoDB Server affected versions not specified Description The MongoDB Server may encounter an out-of-memory failure when processing expressions that result in deeply nested documents. This occurs due to a lack of periodic depth checks within...

7.5CVSS5.4AI score0.00272EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/01/16 12:26 a.m.4 views

SUSE CVE-2025-71104

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expiration is in the past...

6.5CVSS6.6AI score0.00095EPSS
Exploits0References20
NVD
NVD
added 2026/01/14 3:15 p.m.9 views

CVE-2025-71104

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expiration is in the past...

5.5CVSS0.00095EPSS
Exploits0References7
Rows per page
Query Builder