Lucene search
K

1691 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in dpdk

A flaw was discovered in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as auxiliary data to VHOSTUSERGETINFLIGHTFD / VHOSTUSERSETINFLIGHTFD messages that are not closed by the vhost-user slave. By continuously sending such messages, the malicious...

6.5CVSS6.7AI score0.00283EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/mxsfb: Disabling the overlay plane in mxsfbplaneoverlayatomicdisable When disabling the overlay plane in mxsfbplaneoverlayatomicupdate, the framebuffer pointer of the overlay plane is NULL. Therefore, dereferencing it would...

5.6AI score0.00184EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switching to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors, the mapped surfaces started being cached, but...

5.5CVSS6.4AI score0.00225EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: add a check for dpuplaneatomicprintstate to prevent invalid sspp values. Similar to the rpipe sspp protection, a check is added to prevent printing of the pipe’s state in a way that could lead to a NULL pointer...

5.5CVSS5.3AI score0.0014EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/sysfb: Do not dereference a NULL pointer during plane reset. The plane state in drmgemresetshadowplane can be NULL. Do not dereference that pointer; instead, pass NULL to the other plane-reset helpers. Clear plane-state to NU...

5.8AI score0.00173EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in OVN

A flaw was discovered in Open Virtual Network, where the service monitor MAC does not properly implement rate limiting. This issue could allow an attacker to cause a denial of service, even in deployments with CoPP enabled and properly configured...

5.3CVSS6.4AI score0.00994EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in dpdk

NVIDIA’s distribution of the Data Plane Development Kit MLNXDPDK contains a vulnerability in the network stack, where error recovery is not handled properly. This vulnerability can allow a remote attacker to cause denial of service, as well as affect data integrity and confidentiality...

8.6CVSS7AI score0.01812EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/vc4: Do not check if plane-state-fb == state-fb Currently, when using non-blocking commits, the following kernel warnings can be observed: 110.908514 ------------ Cut here ------------ 110.908529 refcountt: Underflow; Use...

7.8CVSS6.4AI score0.00212EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop2: Failure to properly handle cases where a primary plane for a video-port is missing. Each window of vop2 is usable by a specific set of video ports. Therefore, when binding vop2, we iterate through the list of...

5.5CVSS5.3AI score0.00143EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in ffmpeg5

The Ffmpeg v.N113007-g8d24a28d06 contains a buffer overflow vulnerability that allows a local attacker to execute arbitrary code through libavutil/imgutils.c:353:9 in the imagecopyplane function...

7.8CVSS7.2AI score0.00324EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/plane: Fixed the return value of createinformatblob createinformatblob is supposed to return a valid pointer or an error; it should never return NULL. The caller will dereference the blob if there is no error, and thus will...

5.2AI score0.00155EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in dpdk

A flaw in the permissive list of allowed inputs was discovered in DPDK. This issue allows a remote attacker to trigger a denial of service by sending a crafted Vhost header to DPDK...

8.6CVSS7.2AI score0.01772EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Do not leak some plane state. Apparently, no one noticed that the mdp5 plane states are being leaked quite severely. This issue was addressed since we introduced the planestate-commit refcount mechanism a few years...

5.5CVSS5.7AI score0.00136EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 6:17 a.m.12 views

CVE-2026-11752

A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction, allowing a compromised or semi-trusted xDS control plane to read arbitrary local...

5.9CVSS0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 4:29 a.m.27 views

CVE-2026-11752

A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction, allowing a compromised or semi-trusted xDS control plane to read arbitrary local...

5.9CVSS0.00198EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 4:29 a.m.18 views

CVE-2026-11752

Armeria-xds versions 1.38.0–1.39.0 contain a vulnerability in DataSourceStream where control-plane-supplied filenames and environment_variable fields from SDS secrets are resolved without any allow-list or base-directory confinement. A semi-trusted or compromised xDS control plane (or an attacker...

5.9CVSS5.4AI score0.00198EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 12:0 a.m.4 views

UBUNTU-CVE-2026-11311

When NGINX Plus is configured as the data plane for NGINX Gateway Fabr...

8.6CVSS5.3AI score0.0059EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.14 views

PT-2026-50823

Name of the Vulnerable Software and Affected Versions armeria-xds versions 1.38.0 through 1.39.0 Description DataSourceStream in the xDS module resolves filename and environment variable fields from SDS Secret resources without an allow-list or base-directory confinement. This allows a compromise...

5.9CVSS6AI score0.00198EPSS
Exploits0References12
NVD
NVD
added 2026/06/17 10:16 p.m.8 views

CVE-2026-48989

Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS alloworigins=, allowmethods=, allowheaders=. Because the same server also exposed a...

9.3CVSS0.00397EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 9:2 p.m.15 views

CVE-2026-48989 Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS

Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS alloworigins=, allowmethods=, allowheaders=. Because the same server also exposed a...

9.3CVSS0.00397EPSS
Exploits0References2
Rows per page
Query Builder