Lucene search
K

3105 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

A issue was discovered in the Linux kernel through version 5.16-rc6. The ef100updatestats function in drivers/net/ethernet/sfc/ef100nic.c lacks a check for the return value of kmalloc...

5.5CVSS6.7AI score0.00214EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fixed dtlaccesslock to use a rwsemaphore instead of a rwsemaphore. The dtlaccesslock needs to be a rwsemaphore, a sleeping lock, because the code calls kmalloc while holding it, which can cause a sleep condition...

5.5CVSS6.3AI score0.00203EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fixed the issue with mlx5ibgethwstats when used for devices. Currently, when mlx5ibgethwstats is used for a device where portnum = 0, there is a special handling to ensure that the correct counters are used. However,...

5.5CVSS5.8AI score0.00136EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ice: A NULL pointer dereferencing issue was fixed in iceupdatevsitxringstats. It is possible to cause a NULL pointer dereferencing in routines that update Tx ring statistics. Currently, only statistics and bytes are updated when...

5.5CVSS6.1AI score0.00207EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to pagepoolgetstats Calling pagepoolgetstats in the mvneta driver without proper checks leads to kernel crashes. Firstly, the page pool is only available if the bm is not being used. The page pool is also n...

5.5CVSS5.7AI score0.00235EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A issue was discovered in the Linux kernel through version 5.16-rc6. The function netvscgetethtoolstats in the drivers/net/hyperv/netvscdrv.c file lacks a check on the return value of kvmallocarray, which can lead to a null pointer derefrence...

5.5CVSS6.7AI score0.00214EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in libvirt

A use-after-free flaw was discovered in libvirt. The qemuMonitorUnregister function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting...

6.5CVSS6.7AI score0.01217EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 8:17 p.m.5 views

DEBIAN-CVE-2026-55202

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS5.4AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 8:17 p.m.10 views

CVE-2026-55202

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS0.00335EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 7:13 p.m.22 views

CVE-2026-55202 Tinyproxy - Stathost Detection Bypass via Host Header Manipulation

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS0.00335EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/17 12:5 p.m.9 views

kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex instead of RTNL to protect the multicast route list, so that it will not change while the driver periodically traverse...

5.6AI score0.00173EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/17 9:22 a.m.7 views

kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex instead of RTNL to protect the multicast route list, so that it will not change while the driver periodically traverse...

5.4AI score0.00173EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50530

Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to 1.11.3 commit 09312a1 Description Improper validation of the Host header during stathost detection allows unauthenticated attackers to access the statistics page by injecting a matching Host header or bypassing...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References11
NVD
NVD
added 2026/06/16 3:16 p.m.10 views

CVE-2026-10639

In Zephyr's native IPv4 stack, icmpv4handleechorequest in subsys/net/ip/icmpv4.c builds an echo-reply packet reply, hands it to nettrysenddata, and then, on success, calls netstatsupdateicmpsentnetpktifacereply. nettrysenddata transfers ownership of reply to the TX path netiftryqueuetx - netiftx ...

4.8CVSS0.00232EPSS
Exploits1References2
NVD
NVD
added 2026/06/16 3:16 p.m.15 views

CVE-2026-10640

Zephyr's IPv6 Neighbor Discovery send paths netipv6sendna, netipv6sendns, netipv6sendrs in subsys/net/ip/ipv6nbr.c updated the per-interface ICMP-sent statistics by calling netpktifacepkt after netsenddatapkt had already returned successfully. On the success path the network stack owns and releas...

7.1CVSS0.0037EPSS
Exploits1References2
CVE
CVE
added 2026/06/16 1:22 p.m.16 views

CVE-2026-10639

Summary: Zephyr’s native IPv4 icmpv4_handle_echo_request() can perform a use-after-free when updating per-interface statistics after sending an ICMP echo reply. The code hands the echo-reply to the TX path, which may drop the packet and free the net_pkt before the post-send stats update runs. As ...

4.8CVSS5.6AI score0.00232EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2026-9748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal skip this document when an index stats conversion failed. But PauseExecution i...

7.1CVSS5.5AI score0.00323EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2026-9748

The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...

7.1CVSS5.5AI score0.00323EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/06/10 4:40 a.m.12 views

Revive Adserver: Reflected XSS in stats‑video.php via improperly encoded URL parameters

A reflected XSS vulnerability was discovered in the stats‑video.php script due to improper encoding of user input in the URL parameters...

6.1CVSS5.8AI score0.00224EPSS
Exploits1
EUVD
EUVD
added 2026/06/10 12:31 a.m.12 views

EUVD-2026-35864

The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...

7.1CVSS5.4AI score0.00323EPSS
Exploits0References2
Rows per page
Query Builder