Lucene search
K

151 matches found

OSV
OSV
added 2026/06/26 10:23 p.m.4 views

GHSA-396Q-4VC8-28X9 @microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter

Summary @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, but the default scrubSensitiveHeaders callback in RedirectHandlerOptions uses case-sensitive property deletion delete headers.Authorization, delete...

6.9CVSS5.8AI score0.0065EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 7:16 p.m.9 views

CVE-2026-49336

@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...

6.9CVSS0.0065EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 6:19 p.m.36 views

CVE-2026-49336

The CVE concerns @microsoft/kiota-http-fetchlibrary (TypeScript) in versions 1.0.0-preview.97–1.0.0-preview.101, where RedirectHandler’s scrubSensitiveHeaders uses case-sensitive deletion (delete headers.Authorization, delete headers.Cookie) on a headers object already lower-cased by FetchRequest...

6.9CVSS5.9AI score0.0065EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 6:19 p.m.3 views

CVE-2026-49336 @microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter

@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...

6.9CVSS6AI score0.0065EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/09 2:21 a.m.12 views

SUSE CVE-2026-46283

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfreesensitive to free auth session in tpmdevrelease tpmdevrelease uses plain kfree to free chip-auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

5.5CVSS5.5AI score0.00122EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 5:16 p.m.13 views

CVE-2026-46283

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfreesensitive to free auth session in tpmdevrelease tpmdevrelease uses plain kfree to free chip-auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

5.5CVSS0.00122EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 3:41 p.m.2 views

CVE-2026-46283 tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfreesensitive to free auth session in tpmdevrelease tpmdevrelease uses plain kfree to free chip-auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.18 views

PT-2026-47355

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The tpm dev release function uses kfree instead of kfree sensitive to free chip-auth. This structure contains sensitive cryptographic material, including HMAC session keys, nonces, and...

9.8CVSS5.3AI score0.03663EPSS
Exploits24References338
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - xfs: scrub: Unlock dquot before an early return in quota scrub. - xchkquotaitem: Can return early after calling xchkfblockprocesserror. If this helper returns false, the function returns immediately without dropping dq-qqloc...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: Properly handles RST lookup errors. BUG When running btrfs/060 with the forced RST feature enabled, the following ASSERT within scrubreadendio might crash: ASSERTsectornr nrsectors; Previously, a tree dump from...

5.5CVSS6.1AI score0.00197EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: iouring/zcrx: fixed the race condition between the scrub and refill paths involving userrefs The iozcrxputniovuref function uses a non-atomic check-then-decrement pattern atomicread followed by an atomicdec to manipulate...

4.7CVSS6AI score0.00088EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/07 2:17 a.m.11 views

SUSE CVE-2026-43121

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix userref race between scrub and refill paths The iozcrxputniovuref function uses a non-atomic check-then-decrement pattern atomicread followed by separate atomicdec to manipulate userrefs. This is serialized...

5.8AI score0.00088EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 12:16 p.m.9 views

CVE-2026-43121

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix userref race between scrub and refill paths The iozcrxputniovuref function uses a non-atomic check-then-decrement pattern atomicread followed by separate atomicdec to manipulate userrefs. This is serialized...

4.7CVSS0.00088EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/06 11:27 a.m.6 views

CVE-2026-43121

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix userref race between scrub and refill paths The iozcrxputniovuref function uses a non-atomic check-then-decrement pattern atomicread followed by separate atomicdec to manipulate userrefs. This is serialized...

4.7CVSS5.7AI score0.00088EPSS
Exploits0
CVE
CVE
added 2026/05/06 11:27 a.m.36 views

CVE-2026-43121

CVE-2026-43121 involves the Linux kernel io_uring/zcrx race between scrub and refill paths. The non-atomic read-then-decrement of the user_refs can race with io_zcrx_scrub() using atomic_xchg, causing a double-free of a niov and an out-of-bounds write past the freelist array. The fix replaces the...

4.7CVSS5.8AI score0.00088EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition between the userref functions in iouring/zcrx during the scrub and refill...

4.7CVSS5.8AI score0.00088EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/04/25 1:39 a.m.7 views

SUSE CVE-2026-31556

In the Linux kernel, the following vulnerability has been resolved: xfs: scrub: unlock dquot before early return in quota scrub xchkquotaitem can return early after calling xchkfblockprocesserror. When that helper returns false, the function returned immediately without dropping dq-qqlock, which...

5.5CVSS5.4AI score0.00122EPSS
Exploits0References7
OSV
OSV
added 2026/04/24 3:16 p.m.6 views

DEBIAN-CVE-2026-31556

In the Linux kernel, the following vulnerability has been resolved: xfs: scrub: unlock dquot before early return in quota scrub xchkquotaitem can return early after calling xchkfblockprocesserror. When that helper returns false, the function returned immediately without dropping dq-qqlock, which...

5.5CVSS5.3AI score0.00122EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 3:16 p.m.4 views

CVE-2026-31556

In the Linux kernel, the following vulnerability has been resolved: xfs: scrub: unlock dquot before early return in quota scrub xchkquotaitem can return early after calling xchkfblockprocesserror. When that helper returns false, the function returned immediately without dropping dq-qqlock, which...

5.5CVSS0.00122EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/24 3:16 p.m.7 views

CVE-2026-31556

In the Linux kernel, the following vulnerability has been resolved: xfs: scrub: unlock dquot before early return in quota scrub xchkquotaitem can return early after calling xchkfblockprocesserror. When that helper returns false, the function returned immediately without dropping dq-qqlock, which...

5.5CVSS5.3AI score0.00122EPSS
Exploits0References6
Rows per page
Query Builder