Lucene search
K

9614 matches found

SUSE Linux
SUSE Linux
added 2026/05/06 7:43 a.m.8 views

Security update for libpng12

This update for libpng12 fixes the following issues: Update to version 1.2.59 jscPED-16191. CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary code execution bsc1260754. CVE-2026-34757: use-after-free in pngsetPLTE, pngsettRNS and pngsethIST can...

9.2CVSS6.8AI score0.01052EPSS
Exploits2References10
Debian CVE
Debian CVE
added 2026/05/06 7:40 a.m.5 views

CVE-2026-43114

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapoavx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching functions are used. The test first loads a ranomly generated pipapo set with 'ipv4 . port' key, i.e. nft -...

9.4CVSS5.7AI score0.00356EPSS
Exploits0
CVE
CVE
added 2026/05/06 7:40 a.m.28 views

CVE-2026-43114

Summary: CVE-2026-43114 involves the Linux kernel netfilter nft_set_pipapo_avx2 path. The bug arises when AVX2 matching incorrectly masks and returns a non-matching entry on expiry after a flush, causing a clashing element report. Root-cause: too-early return in AVX2 match functions, leading to o...

9.4CVSS5.8AI score0.00356EPSS
Exploits0References11Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:40 a.m.5 views

CVE-2026-43114

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapoavx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching functions are used. The test first loads a ranomly generated pipapo set with 'ipv4 . port' key, i.e. nft -...

5.8AI score0.00356EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-37477

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference can occur in the ASoC SOF Intel hda component. This happens when there is a mismatch between the DAI links in the machine driver and the topology, which may...

5.5CVSS5.4AI score0.00127EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-37449

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the rpmsg core where the driver override show function reads the driver override string without holding the device lock. Simultaneously, the store function...

4.7CVSS5.3AI score0.00091EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.9 views

PT-2026-37520

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the kaweth set rx mode function, which serves as the ndo set rx mode callback. This function incorrectly calls netif stop queue and netif wake queue, which are TX queu...

7.8CVSS5.5AI score0.00129EPSS
Exploits0References129
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.7 views

PT-2026-37548

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists where the set rps cpu function incorrectly assumes that the Receive Packet Steering RPS table for each receive queue is of a constant size and does not change. By passing...

9.8CVSS5.8AI score0.00481EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.8 views

PT-2026-37546

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds write exists in the kfd event page set function. The function uses memset to write KFD SIGNAL EVENT LIMIT 8 bytes without verifying the buffer size parameter. This allow...

9.8CVSS5.7AI score0.0049EPSS
Exploits4References354
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-37454

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the fs/ntfs3 component where errors occurring during the attr set size function call are silently ignored when truncating files down. This can lead to the inode being...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ntfs3 file system’s failure to handle the attrsetsize function error when truncating files,...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.7 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by an error in the mask used by the nftsetpipapoavx2 function when matching expired entries, which may lead...

9.4CVSS5.8AI score0.00356EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.8 views

PT-2026-37424

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter component, specifically within the nft set pipapo avx2 function. When AVX2 matching functions are used, the system may incorrectly return a non-matching...

9.4CVSS5.8AI score0.00356EPSS
Exploits0References23
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.8 views

Oracle Linux 8 : libcap (ELSA-2026-13285)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-13285 advisory. 2.48-6.1 - Fix TOCTOU race condition in capsetfile CVE-2026-4878 Resolves: RHEL-169304 Tenable has extracted the preceding description block directly from the...

7CVSS5.8AI score0.00188EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-43206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdkfd: Fix out-of-bounds write in kfdeventpageset The kfdeventpageset function writes KFDSIGNALEVENTLIMIT 8 bytes via memset without checking the buffer si...

7.8CVSS6.7AI score0.00139EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 9:18 p.m.4 views

GHSA-838G-GR43-QQG9 PyLoad vulnerable to Path Traversal via Package Folder Name in set_package_data

Summary No sanitization of package folder name allows writing files anywhere outside the intended download directory. Affected Component - src/pyload/core/api/init.py - Function: setpackagedata Details When passing a folder name in the setpackagedata API function call inside the data object with...

8.1CVSS5.9AI score0.00395EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/05 9:18 p.m.13 views

PyLoad vulnerable to Path Traversal via Package Folder Name in set_package_data

Summary No sanitization of package folder name allows writing files anywhere outside the intended download directory. Affected Component - src/pyload/core/api/init.py - Function: setpackagedata Details When passing a folder name in the setpackagedata API function call inside the data object with...

8.1CVSS5.9AI score0.00395EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/05/05 6:35 p.m.7 views

HTTP Response Splitting

Overview microdot is a The impossibly small web framework for MicroPython Affected versions of this package are vulnerable to HTTP Response Splitting in the setcookie function. An attacker can inject arbitrary HTTP headers by supplying malicious input containing carriage return and line feed...

6.3CVSS5.8AI score0.00215EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 6:27 p.m.4 views

GHSA-V8H7-RR48-VMMV Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection

Summary Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same...

5.3CVSS5.9AI score0.00307EPSS
Exploits1References3
NVD
NVD
added 2026/05/05 4:16 p.m.11 views

CVE-2026-34000

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server,...

9.1CVSS0.00489EPSS
Exploits0References27
Rows per page
Query Builder