36 matches found
UBUNTU-CVE-2026-12246
NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...
EUVD-2026-37928
A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release lines: Node.js 22 and Node.js 24...
CVE-2026-7262
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...
EUVD-2026-17995
A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...
Temporal Server: attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster
A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...
PT-2026-29583
Name of the Vulnerable Software and Affected Versions Temporal Server versions 1.29.0 and later Description A user with a writer role in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the...
LSN-0117-1 Kernel Live Patch Security Notice
In the Linux kernel, the following vulnerability has been resolved: e100: Fix possible use after free in e100xmitprepare In e100xmitprepare, if we can't map the skb, then return -ENOMEM, so e100xmitframe will return NETDEVTXBUSY and the upper layer will resend the skb. In the Linux kernel, the...
MiracleLinux 4 : kernel-2.6.32-696.6.3.el6 (AXSA:2017-1749:05)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1749:05 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating system:...
MiracleLinux 7 : 389-ds-base-1.3.4.0-26.el7 (AXSA:2016-099:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-099:01 advisory. 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. Security...
CVE-2025-40273
In the Linux kernel, the following vulnerability has been resolved: NFSD: free copynotify stateid in nfs4freeolstateid Typically copynotify stateid is freed either when parent's stateid is being close/freed or in nfsd4laundromat if the stateid hasn't been used in a lease period. However, in case...
EUVD-2010-3761
Malware in sbrugna...
EUVD-2019-6570
Malware in sbrugna...
EUVD-2022-31885
Malicious code in bioql PyPI...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_2
This update for kernel-livepatch-MICRO-6-0-RTUpdate2 fixes the following issues: CVE-2024-50208: RDMA/bnxtre: Fix a bug while setting up Level-2 PBL pages bsc1233118 CVE-2024-50250: fsdax: daxunshareiter needs to copy entire blocks bsc1233227 CVE-2024-53146: NFSD: prevent a potential integer...
CVE-2021-32657
Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The...
CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...
X.Org: Xwayland: Use-after-free of the root cursor
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android that originates from a logic error in the DevmemIntFreeDefBackingPage method of the devicememserver.c file, which could lead to arbitrary code...
xorg-x11-server: ScreenSaverSetAttributes use-after-free
A vulnerability was found in X.Org. This issue occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This flaw can lead to local privileges elevation on systems where the X server runs privileged and remote code execution for ssh X...
SUSE CVE-2015-1158
The addjob function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted 1 IPPCREATEJOB or 2 IPPPRINTJOB...