Lucene search
K

3723 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed null pointer dereference in bnxtbstracecheckwrap. With older firmware versions, we might encounter the ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER for the FW trace data type that has not been initialized. This could lead to...

5.9AI score0.00155EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Tracing: kprobe: Fixed a potential nullptrdereference issue in traceeventfile in kprobeeventgentestexit. When tracegeteventfile fails, genkretprobetest will be assigned as the error code. If the kprobeeventgentest module is remov...

5.5CVSS6.2AI score0.00165EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Tracing: kprobe: Fixed a potential null-ptr-dereference in tracearray in kprobeeventgentestexit When testgenkprobecmd fails after kprobeeventgencmdend, it will go to delete, which will call kprobeeventdelete and release the...

5.5CVSS6.2AI score0.00165EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox

A memory-out-of-memory condition during object initialization could lead to an empty shape list. If the JIT compiler traces the object subsequently, it will cause a crash. This vulnerability affects Firefox versions less than 125...

6.2CVSS6.6AI score0.00172EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: libie: Do not unroll if fwlog is not supported. The libiefwlogdeinit function can be called during driver unloading, even when firmware logging was never properly initialized. This caused a call trace like this: 148.576156 Oops:...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Converted spinlock to mutex to lock the evlworkqueue. drainworkqueue cannot be called safely in a spinlocked context due to possible task rescheduling. In the multi-task scenario, calling queuework while...

5.5CVSS6AI score0.00164EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed OOB access in the DBGBUFPRODUCER async event handler. The ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER handler in bnxtasynceventprocess directly uses the ‘type’ field provided by the firmware as an index into bp-bsTrace,...

7.1CVSS4.8AI score0.00115EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed the assignment logic of iocb. Commit 18ae8d12991b “f2fs: shows more DIO information at the tracepoint” introduced the iocb field in the ‘f2fsdirectIOenter’ trace event. It only assigns the pointer and then accesses...

7.1CVSS5.8AI score0.00147EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: The memory leak in iter-temp occurred during the reading of tracepipe. kmemleak reports: Unreferenced object: 0xffff88814d14e200 size 256 Details: - Process: “cat”, PID: 336; Jiffies: 4294871818 age: 779.490 seconds - He...

6AI score0.00168EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcdaddcommandtrace The kernel log indicates a crash in ufshcdaddcommandtrace, due to a NULL pointer dereference when accessing hwq-id. This can happen if...

5.5CVSS6AI score0.00114EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: This vulnerability prevents a wraparound in the schema length during the trace fill operation. The ioam6fillTraceData function stores the schema contribution to the trace length in an u8 type variable. When bit 2...

9.8CVSS6.4AI score0.00409EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu: Skip vcn poison irq release on VF VF does not enable VCN poison irq in VCNv2.5. Skip releasing it and avoid call trace during deinitialization. 71.913601 drm Clean up the vf2pf work item 71.915088 ------------ Cut...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Fixed the issue with copylinklist updates when the “copyTracemarker” option is enabled for an instance. When this option is enabled, any data written to /sys/kernel/tracing/tracemarker is also copied into the buffer o...

7.8CVSS6AI score0.00127EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-43341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6filltracedata stores th...

9.8CVSS6.4AI score0.00409EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 10:12 p.m.20 views

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

8.2CVSS7.2AI score0.00566EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/05/19 4:30 p.m.11 views

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

8.2CVSS7.2AI score0.00566EPSS
Exploits1References7
OSV
OSV
added 2026/05/19 8:53 a.m.11 views

BIT-MLFLOW-2026-2652 Authentication Bypass in mlflow/mlflow

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS6AI score0.01502EPSS
Exploits1References3
NVD
NVD
added 2026/05/18 3:16 p.m.14 views

CVE-2026-41947

Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to...

9.3CVSS0.00453EPSS
Exploits1References6
EUVD
EUVD
added 2026/05/18 1:48 p.m.14 views

EUVD-2026-30772

Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints...

9.1CVSS5.8AI score0.00453EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/18 1:48 p.m.33 views

CVE-2026-41947 Dify < 1.14.2 Authorization Bypass via Trace Configuration Endpoints

Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to...

9.3CVSS5.8AI score0.00453EPSS
Exploits1References6
Rows per page
Query Builder