Lucene search
K

8 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fixed potential memory leaks in rpcsysfsxprtstatechange. This issue occurs during certain error-handling paths. When the function fails to obtain the object xprt, it simply returns 0, forgetting to decrease the...

5.5CVSS6AI score0.00154EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 3:47 a.m.5 views

EUVD-2026-26714

Bandit trusts client-supplied URI scheme on plaintext connections...

6.3CVSS5.8AI score0.00454EPSS
Exploits0References5
NVD
NVD
added 2026/05/01 9:16 p.m.8 views

CVE-2026-39807

Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. 'Elixir.Bandit.Pipeline':determinescheme/2 in lib/bandit/pipeline.ex returns the client-supplied URI scheme verbatim, ignoring the...

6.3CVSS0.00454EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/01 8:34 p.m.2 views

CVE-2026-39807

Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. 'Elixir.Bandit.Pipeline':determinescheme/2 in lib/bandit/pipeline.ex returns the client-supplied URI scheme verbatim, ignoring the...

6.3CVSS5.8AI score0.00454EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/01 8:34 p.m.28 views

CVE-2026-39807 Client-supplied URI scheme trusted without transport verification in bandit

Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. 'Elixir.Bandit.Pipeline':determinescheme/2 in lib/bandit/pipeline.ex returns the client-supplied URI scheme verbatim, ignoring the...

6.3CVSS0.00454EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.10 views

PT-2026-36542

Name of the Vulnerable Software and Affected Versions bandit versions 1.0.0 through 1.10.f Description Reliance on untrusted inputs in a security decision allows unauthenticated transport-state spoofing on plaintext HTTP connections. The function determine scheme/2 in Elixir.Bandit.Pipeline retur...

6.3CVSS5.8AI score0.00454EPSS
Exploits0References12
OSV
OSV
added 2025/05/01 3:15 p.m.2 views

UBUNTU-CVE-2022-49765

In the Linux kernel, the following vulnerability has been resolved: net/9p: use a dedicated spinlock for transfd Shamelessly copying the explanation from Tetsuo Handa's suggested patch1 slightly reworded: syzbot is reporting inconsistent lock state in p9reqput2, for p9tagremove from p9reqput from...

5.5CVSS5.7AI score0.00124EPSS
Exploits0References6
RustSec
RustSec
added 2024/01/23 12:0 p.m.7 views

Unauthenticated Nonce Increment in snow

There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with privileges to inject packets into the channel over which the Noise session operates, this could allow a denial-of-service attack which could prevent message...

4.3CVSS7AI score0.00387EPSS
Exploits0Affected Software1
Rows per page
Query Builder