2375 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: A potential memory leak was fixed in damonreclaiminit. damonreclaiminit allocates a memory chunk for ctx using damonnewctx. When damonselectops fails, the ctx is not released, which will lead to a memory leak. W...
FreeBSD Security Advisory - FreeBSD-SA-26:22.libcasper
FreeBSD Security Advisory - libcasper3 communicates with helper processes via UNIX domain sockets, and uses the select2 system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select2's descriptor set size limit of FDSETSIZE 1024...
FreeBSD -- select(2) file descriptor set overflow causes stack overflow
Problem Description: libcasper3 communicates with helper processes via UNIX domain sockets, and uses the select2 system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select2's descriptor set size limit of FDSETSIZE 1024. Impact: An...
FreeBSD -- Kernel use-after-free via file descriptor syscalls
Problem Description: A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked...
FreeBSD-SA-26:19.file
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:19.file Security Advisory The FreeBSD Project Topic: Kernel use-after-free via file descriptor syscalls Category: core Module: file Announced: 2026-05-20...
FreeBSD-SA-26:22.libcasper
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:22.libcasper Security Advisory The FreeBSD Project Topic: select2 file descriptor set overflow causes stack overflow Category: core Module: libcasper...
freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface
A heap buffer overflow has been discovered in FreeRDP. The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface...
firefox: thunderbird: Select list elements could be shown over another site
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks...
SAP HANA Deployment Infrastructure deploy library SQL注入漏洞
SAP HANA Deployment Infrastructure deploy library is a deployment support library developed by SAP, a German company, for the deployment and lifecycle management of SAP HANA applications. The SAP HANA Deployment Infrastructure deploy library contains a SQL injection vulnerability. This...
Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017779)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017779 advisory. A SIGFPE signal is raised in the function H5Dselectio of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because ...
JLSEC-2026-463 Mbed TLS timing side channel in RSA and CBC/ECB decryption
In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...
NPM: mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`
NPM: mcp-data-vis vulnerable to denial of service via unsanitized select key lookup on Object.prototype with precompile: true vulnerability discovered by ? in WordPress Npm icu-minify versions = 4.9.1...
Prototype Pollution
Overview icu-minify is an ICU message format compiler with a 1KB runtime bundle footprint Affected versions of this package are vulnerable to Prototype Pollution via the formatSelect function. An attacker can cause the application to crash and trigger a server error by supplying specially crafted...
mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`
Summary icu-minify's runtime formatter resolves select branches by looking up the runtime value as a plain property on a prototype-bearing object. When the value coerces to a key that exists on Object.prototype e.g. toString, proto, constructor, hasOwnProperty, valueOf, the lookup returns a truth...
GHSA-C2Q3-P4JR-C55F Grav Vulnerable to XSS via Taxonomy Field Values in Admin Panel
Summary A Stored Cross-Site Scripting XSS vulnerability exists in the Grav CMS Form plugin's select field template. Taxonomy tag and category values are rendered with the Twig |raw filter in the admin panel, bypassing the global autoescape protection. An editor-level user can inject arbitrary...
PT-2026-37281
Name of the Vulnerable Software and Affected Versions Grav CMS Form plugin versions prior to 9.1.0 Description A Stored Cross-Site Scripting XSS issue exists in the select field template of the Grav CMS Form plugin. Taxonomy tag and category values are rendered using the Twig |raw filter in the...
MAL-2026-3270 Malicious code in @bcs-react-ui/select (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f13a9b44b9cd000d9cc8fbcd4cbc765178ea32a471cd8b339d4ebdda4182d52 The package @bcs-react-ui/select was found to contain malicious code. Source: ghsa-malware...
CVE-2026-39457
When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select2's file descriptor set size limit of FDSETSIZE 1024. An attacker who is able to force a libnv application to allocate large file...
CVE-2026-39457
When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select2's file descriptor set size limit of FDSETSIZE 1024. An attacker who is able to force a libnv application to allocate large file...
CVE-2026-39457 Stack overflow via select() file descriptor set overflow
When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select2's file descriptor set size limit of FDSETSIZE 1024. An attacker who is able to force a libnv application to allocate large file...