Lucene search
K

248 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: bonding: Fix for use-after-free after 802.3ad slave unbind Commit 0622cab0341c “bonding: fix 802.3ad aggregator reselection” resolves a issue where, when there are several aggregation groups within the same bond,...

7.8CVSS6.2AI score0.00276EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as a RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver’s TXEN pin. When the TTY port is closed mid-transmission e.g....

5.5CVSS5.6AI score0.00175EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: phy: It is now possible to allow the MDIO bus’s PM operations to initiate/stop the state machine for the phylink-controlled PHY. There are two types of DSA drivers: 1. Those that call dsaswitchsuspend and dsaswitchresume...

5.5CVSS6.5AI score0.00159EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 2:28 p.m.4 views

GHSA-V4JC-PM6R-3VJ8 python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

9.8CVSS6.2AI score0.00801EPSS
Exploits0References5
NVD
NVD
added 2026/06/17 3:16 p.m.12 views

CVE-2026-47103

Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings...

9.8CVSS0.00801EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 2:32 p.m.28 views

CVE-2026-47103 Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection

Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings...

9.8CVSS0.00801EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/11 12:0 a.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...

8.8CVSS6.5AI score0.00423EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 12:0 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...

8.8CVSS6.5AI score0.00423EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 12:0 a.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...

8.8CVSS6.5AI score0.00423EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 12:0 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...

8.8CVSS6.5AI score0.00423EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 12:0 a.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...

8.8CVSS6.5AI score0.00423EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 12:0 a.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...

8.8CVSS6.5AI score0.00423EPSS
Exploits0References2
CVE
CVE
added 2026/06/03 3:50 p.m.20 views

CVE-2026-46267

CVE-2026-46267 affects the Linux kernel NFC HCI SHDLC subsystem. The root cause is that timers and state-machine work can remain active during llc_shdlc_deinit(), which purges SHDLC skb queues and frees the llc_shdlc structure while callbacks may still access SHDLC state and queues. If teardown r...

7.8CVSS5.7AI score0.00121EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.13 views

PT-2026-46030

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF condition exists in the Linux kernel's NFC HCI SHDLC implementation. The function llc shdlc deinit purges SHDLC skb queues and frees the llc shdlc structure while...

7.8CVSS5.8AI score0.00121EPSS
Exploits0References19
NVD
NVD
added 2026/05/28 10:16 a.m.17 views

CVE-2026-46219

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free...

7.8CVSS0.00135EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:40 a.m.7 views

CVE-2026-46219

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free...

5.7AI score0.00135EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/05/28 9:40 a.m.29 views

CVE-2026-46219

CVE-2026-46219 concerns a use-after-free in the SPI mpc52xx path of the Linux kernel. The description indicates the state machine work is scheduled by the interrupt handler and must be cancelled after interrupts are disabled to avoid use-after-free. Connected OSV entries show patches in rootio-li...

7.8CVSS5.7AI score0.00135EPSS
Exploits0References8Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/28 3:52 a.m.8 views

SUSE CVE-2026-46095

In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: raise barrier before state machine transition Move the barrier raise operation before calling llbitmapstatemachine in both llbitmapstartwrite and llbitmapstartdiscard. This ensures the barrier is in place before a...

4.7CVSS5.8AI score0.00121EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the state machine’s operation is not canceled after unbinding in the spi...

5.8AI score0.00135EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.9 views

PT-2026-44342

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A use-after-free issue exists in the Linux kernel within the spi: mpc52xx component. The state machine work is scheduled by...

9.8CVSS5.9AI score0.00525EPSS
Exploits1References293
Rows per page
Query Builder