3735 matches found
kernel: net: sched: act_csum: validate nested VLAN headers
A flaw was found in the Linux kernel's network scheduler component. A remote attacker could send specially crafted network packets containing nested Virtual Local Area Network VLAN headers. This could cause the kernel to read beyond allocated memory, leading to a system crash and a denial of...
CVE-2026-15380
A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...
CVE-2026-15380 Local privilege escalation in Symantec ITMS
A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...
CVE-2026-15380
CVE-2026-15380 : A non-admin interactive user can achieve full SYSTEM code execution via a DCOM/task scheduler logic chain in Symantec ITMS. No network access or memory corruption required. Connected records confirm the vulnerability and impact as stated; no explicit exploit details, mitigations,...
CVE-2026-15380
A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...
EUVD-2026-45153
A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...
kernel: net: sched: act_csum: validate nested VLAN headers
A flaw was found in the Linux kernel's network scheduler component. A remote attacker could send specially crafted network packets containing nested Virtual Local Area Network VLAN headers. This could cause the kernel to read beyond allocated memory, leading to a system crash and a denial of...
CVE-2026-50431
Windows Quality of Service QoS Packet Scheduler Information Disclosure Vulnerability...
CVE-2026-50431 Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability
...
CVE-2026-50431
Technical details are not publicly available in the provided documents. Monitor updates from Microsoft (MSRC) and advisories (NCSC, ZDI) for affected products, impact, and remediation related to CVE-2026-50431.
CVE-2026-50431 Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability
...
Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability
...
ALSA-2026:36956 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange CVE-2025-71066 kernel: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL...
The vulnerability of the ets_qdisc_change() function in the net/sched/sch_ets.c module of the network/sched/sch_ets.c subsystem of the Linux operating system’s networking subsystem allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the etsqdiscchange function in the net/sched/schets.c file, within the network scheduling subsystem of the Linux kernel, relates to operations involving resources after their expiration. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
Security Bulletin: IBM Maximo Scheduler Optimizer uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895
Summary IBM Maximo Scheduler Optimizer uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in...
CVE-2026-33264 Apache Airflow: DAG author RCE on webserver via unrestricted import_string() in BaseSerialization.deserialize()
A bug in BaseSerialization.deserialize allowed unrestricted importstring of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossin...
OPENSUSE-SU-2026:21266-1 Security update for openQA, os-autoinst
This update for openQA, os-autoinst fixes the following issues: Changes in openQA: - Update to version 5.1783076943.6691832d: test: Stabilize t/05-scheduler-full.t - Clarify resolution of three CVEs The following CVEs have been fixed see previous changelog entries that mentioned only the accordin...
Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile
Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...
GHSA-CHWM-M7G7-685G Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile
Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...
PT-2026-56058
Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to v2.4.4-rc.2 Description The scheduler's v1 gRPC service is vulnerable to an unauthenticated Server-Side Request Forgery SSRF. A remote attacker can force the scheduler to make HTTP GET requests to arbitrary internal...