Lucene search
+L

3735 matches found

RedHat Linux
RedHat Linux
added yesterday7 views

kernel: net: sched: act_csum: validate nested VLAN headers

A flaw was found in the Linux kernel's network scheduler component. A remote attacker could send specially crafted network packets containing nested Virtual Local Area Network VLAN headers. This could cause the kernel to read beyond allocated memory, leading to a system crash and a denial of...

5.5CVSS4.6AI score0.00117EPSS
Exploits0References5
NVD
NVD
added yesterday7 views

CVE-2026-15380

A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...

5.1CVSS0.00127EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday12 views

CVE-2026-15380 Local privilege escalation in Symantec ITMS

A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...

5.1CVSS0.00127EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-15380

CVE-2026-15380 : A non-admin interactive user can achieve full SYSTEM code execution via a DCOM/task scheduler logic chain in Symantec ITMS. No network access or memory corruption required. Connected records confirm the vulnerability and impact as stated; no explicit exploit details, mitigations,...

5.1CVSS6.2AI score0.00127EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-15380

A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...

5.1CVSS6.1AI score0.00127EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday7 views

EUVD-2026-45153

A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...

5.1CVSS6.1AI score0.00127EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 3 days ago6 views

kernel: net: sched: act_csum: validate nested VLAN headers

A flaw was found in the Linux kernel's network scheduler component. A remote attacker could send specially crafted network packets containing nested Virtual Local Area Network VLAN headers. This could cause the kernel to read beyond allocated memory, leading to a system crash and a denial of...

5.5CVSS6.1AI score0.00117EPSS
Exploits0References5
NVD
NVD
added 4 days ago3 views

CVE-2026-50431

Windows Quality of Service QoS Packet Scheduler Information Disclosure Vulnerability...

5.5CVSS0.00469EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago25 views

CVE-2026-50431 Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability

...

5.5CVSS0.00469EPSS
Exploits0References1
CVE
CVE
added 4 days ago24 views

CVE-2026-50431

Technical details are not publicly available in the provided documents. Monitor updates from Microsoft (MSRC) and advisories (NCSC, ZDI) for affected products, impact, and remediation related to CVE-2026-50431.

5.5CVSS6.1AI score0.00469EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 4 days ago4 views

CVE-2026-50431 Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability

...

5.5CVSS6.1AI score0.00469EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 4 days ago14 views

Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability

...

5.5CVSS6.1AI score0.00469EPSS
Exploits0
OSV
OSV
added 2026/07/09 12:0 a.m.4 views

ALSA-2026:36956 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange CVE-2025-71066 kernel: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL...

8.8CVSS6.6AI score0.00176EPSS
Exploits5References10
BDU FSTEC
BDU FSTEC
added 2026/07/08 12:0 a.m.10 views

The vulnerability of the ets_qdisc_change() function in the net/sched/sch_ets.c module of the network/sched/sch_ets.c subsystem of the Linux operating system’s networking subsystem allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the etsqdiscchange function in the net/sched/schets.c file, within the network scheduling subsystem of the Linux kernel, relates to operations involving resources after their expiration. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

7CVSS5.6AI score0.00173EPSS
Exploits0References10Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/07 1:50 p.m.3 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895

Summary IBM Maximo Scheduler Optimizer uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in...

7.5CVSS6AI score0.00486EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/07/07 9:20 a.m.4 views

CVE-2026-33264 Apache Airflow: DAG author RCE on webserver via unrestricted import_string() in BaseSerialization.deserialize()

A bug in BaseSerialization.deserialize allowed unrestricted importstring of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossin...

9.8CVSS6.7AI score0.01649EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 9:23 p.m.1 views

OPENSUSE-SU-2026:21266-1 Security update for openQA, os-autoinst

This update for openQA, os-autoinst fixes the following issues: Changes in openQA: - Update to version 5.1783076943.6691832d: test: Stabilize t/05-scheduler-full.t - Clarify resolution of three CVEs The following CVEs have been fixed see previous changelog entries that mentioned only the accordin...

8.7CVSS6.7AI score0.00521EPSS
Exploits2References6
Github Security Blog
Github Security Blog
added 2026/07/06 8:32 p.m.10 views

Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile

Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...

6.3AI score
Exploits0References11Affected Software1
OSV
OSV
added 2026/07/06 8:32 p.m.6 views

GHSA-CHWM-M7G7-685G Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile

Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...

6.9CVSS6.3AI score
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-56058

Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to v2.4.4-rc.2 Description The scheduler's v1 gRPC service is vulnerable to an unauthenticated Server-Side Request Forgery SSRF. A remote attacker can force the scheduler to make HTTP GET requests to arbitrary internal...

6.9CVSS6.1AI score
Exploits0References13
Rows per page
Query Builder