Lucene search
K

4354 matches found

Github Security Blog
Github Security Blog
added 2026/06/23 6:13 p.m.8 views

mise HTTP backend uses raw version path for install symlink destination

Summary The mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlink path uses the raw value. On Unix-like systems, if that version is an...

5.5CVSS6.1AI score0.00175EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51638

Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.6.1 Description The HTTP backend in mise improperly handles version strings for non-latest versions when creating install symlinks. Instead of using a sanitized version pathname, it uses the raw resolved version...

5.5CVSS6AI score0.00175EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51594

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.13.0 through 2.13.x Description A potential Denial-of-Service exists when a service reads deeply nested JSON thousands of levels as a JsonNode using the readTree function of ObjectMapper and subsequently writes that...

7.5CVSS5.9AI score0.00616EPSS
Exploits1References12
NVD
NVD
added 2026/06/19 8:16 p.m.12 views

CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS0.00273EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.1 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: Adjust the subpage bit start based on the sector size. When running machines with a 64k page size and a 16k node size, we began to encounter tree log corruption in production. This occurred because we sometimes did not wri...

5.5CVSS6.4AI score0.00163EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: amba: bus – fix refcount leak The commit 5de1540b7bc4 from drivers/amba: create devices from device tree increases the refcount of ofnode, but does not release it in ambadevicerelease. This results in a refcount leak. To avoid...

5.9AI score0.00204EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw exists in the processing of SMB2TREEDISCONNECT commands. The issue arises due to the lack of proper locking when performing operations on an object. An attacker can exploit...

9.8CVSS6.8AI score0.02937EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: LoongArch: Fixed missing NULL checks for kstrdup 1. Replaced “offindnodebypath"/"” with “ofroot” to avoid multiple calls to “ofnodeput”. 2. Fixed a potential kernel error during early boot when memory allocation fails while...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw occurs during the handling of the SMB2TREECONNECT and SMB2QUERYINFO commands. The issue arises from the lack of proper validation of a pointer before accessing it. An...

7.5CVSS6.4AI score0.0406EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a traversal bug in ext4mbusepreallocated. During allocation, when searching for pre-allocations PA in the per-inode rbtree, we cannot perform a direct traversal of the tree because ext4mbdiscardgrouppreallocation may...

5.8AI score0.00161EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed a mid leak that occurred during reconnection after a timeout threshold. When the number of responses with the status STATUSIOTIMEOUT exceeds a specified threshold NUMSTATUSIOTIMEOUT, we reconnect the connection...

5.5CVSS5.2AI score0.00136EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ARM: In the dts section, for the qcom subsystem, replace the gcc PXO handle with pxoboard fixed clock. Replace the gcc PXO handle with the pxoboard fixed clock value declared in the dts file. The gcc driver does not provide PXOSR...

5.5CVSS5.8AI score0.00175EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: msm8998: Fixed the latency and residency issues during CPU/L2 idle states. The entry/exit latency and minimum residency in the idle states of the MSM8998 device were incorrect. Firstly, the timings were set for...

5.5CVSS5.2AI score0.00225EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel before version 5.15.3, fs/quota/quotatree.c does not validate the block number in the quota tree on disk. This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file...

5.5CVSS6.4AI score0.01339EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: The issue in fdt: fix off-by-one error in unflattendtnodes Commit 78c44d910d3e “drivers/of: Fix depth when unflattening devicetree” forgot to fix the depth check in the loop body of unflattendtnodes. This could lead to an overflo...

7.8CVSS6.1AI score0.00248EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Regulator: da9063 – A better fix for null dereferencing with partial DT. Two versions of the original patch were sent, but Version 1 was merged instead of Version 2 due to a mistake. Therefore, update to Version 2. The advantage ...

5.5CVSS5.6AI score0.00152EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Issue: ofoverlay: Early call to callchangesetinit When ofoverlayfdtapply fails, the changeset may be partially applied. It is still expected that the caller will call ofoverlayremove to clean up this partial state. However,...

5.7AI score0.00191EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ina2xx: avoid NULL pointer dereference on OF device match The affected lines resulted in a NULL pointer dereference on our platform because the device tree contained the following list of compatible strings:...

5.2AI score0.00206EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed the re-dirty process of tree-log nodes There is a report of a transaction abort with the following script: !/bin/sh for d in sda sdb; do mkfs.btrfs -d single -m single -f /dev/$d done mount /dev/sda /mnt/test moun...

5.5CVSS6AI score0.00205EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: rustbinder: fixed oneway spam detection The spam detection logic in TreeRange was executed before the current request was inserted into the tree. As a result, the new request wasn’t taken into account in the spam calculation...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References1
Rows per page
Query Builder