Lucene search
K
CloudlinuxRecent

524 matches found

CloudLinux
CloudLinux
•added last week•5 views

glib2: Fix of CVE-2026-58016

CVE-2026-58016: fix XML parser state handling for element nesting in D-Bus introspection XML...

9.1CVSS6.1AI score0.00373EPSS
Exploits1References1
CloudLinux
CloudLinux
•added last week•4 views

libxml2: Fix of CVE-2026-11979

CVE-2026-11979: add bounds checks in xmlcatalog --shell usershell to prevent stack buffer overflows when parsing overly long command lines...

7.8CVSS6.1AI score0.00148EPSS
Exploits0References1
CloudLinux
CloudLinux
•added last week•3 views

python: Fix of 2 CVEs

CVE-2025-15366: reject control characters in IMAP commands in imaplib.IMAP4.command to prevent command injection via newlines - CVE-2025-15367: reject control characters in POP3 commands in poplib.POP3.putcmd to prevent command injection via newlines...

5.9CVSS6.1AI score0.0036EPSS
Exploits0References2
CloudLinux
CloudLinux
•added last week•3 views

vim: Fix of CVE-2026-52860

CVE-2026-52860: fix possible code execution in python3complete/pythoncomplete by stripping default expressions and annotations from function parameter lists and whitelisting class bases to dotted names before exec upstream patch 9.2.0597...

8CVSS6.4AI score0.00224EPSS
Exploits0References1
CloudLinux
CloudLinux
•added 2026/06/22 6:37 p.m.•9 views

kernel: Fix of 14 CVEs

nfnetlinkosf: validate individual option lengths in fingerprints CVE-2026-23397 - netfilter: nfnetlinkosf: avoid OOB read CVE-2026-23397 - bonding: limit BONDMODE8023AD to Ethernet devices CVE-2026-23099 - netlabel: fix out-of-bounds memory accesses CVE-2019-25160 - ext4: always check block group...

9.3CVSS6.8AI score0.05111EPSS
Exploits2References14
CloudLinux
CloudLinux
•added 2026/06/22 6:34 p.m.•3 views

vim: Fix of 2 CVEs

CVE-2026-52858: fix possible code execution in python3complete/pythoncomplete by not executing import/from statements harvested from the buffer unless g:pythoncompleteallowimport is set upstream patch 9.2.0561...

8.8CVSS6.5AI score0.00219EPSS
Exploits0References2
CloudLinux
CloudLinux
•added 2026/06/22 2:45 p.m.•5 views

samba: Fix of CVE-2026-4408

CVE-2026-4408: Escape/mask client-controlled username before %u substitution in 'check password script' to prevent remote command execution; restrict samrValidatePassword to DCs...

9.8CVSS7.1AI score0.02501EPSS
Exploits0References1
CloudLinux
CloudLinux
•added 2026/06/22 2:44 p.m.•2 views

httpd: Fix of 2 CVEs

CVE-2026-29170: modproxyftp: XSS in generated HTML directory listing; escape entry names with apescapehtmlaposescapepath instead of apescapeuri in href attributes - CVE-2026-42535: moddavfs: deny WebDAV access to or within the DAVFSSTATEDIR state directory to prevent manipulation of trusted...

9.1CVSS6.1AI score0.00538EPSS
Exploits0References2
CloudLinux
CloudLinux
•added 2026/06/15 8:31 p.m.•4 views

httpd: Fix of CVE-2025-58098

CVE-2025-58098: modcgid with SSI exec cmd passed the shell-escaped query string as extra arguments to the executed shell command; do not pass r-args for SSI requests...

8.3CVSS7.1AI score0.01527EPSS
Exploits0References1
CloudLinux
CloudLinux
•added 2026/06/15 8:26 p.m.•4 views

openssl: Fix of CVE-2026-45447

CVE-2026-45447: fix possible use-after-free in PKCS7verify with empty digestAlgorithms SET...

8.8CVSS7AI score0.02719EPSS
Exploits0References1
CloudLinux
CloudLinux
•added 2026/06/13 10:33 a.m.•7 views

expat: Fix of CVE-2026-41080

CVE-2026-41080: backport SipHash-based hash-flooding protection with a full 16 bytes of salt entropy and add the XMLSetHashSalt16Bytes API...

7.5CVSS5.2AI score0.00379EPSS
Exploits0References1
CloudLinux
CloudLinux
•added 2026/06/13 10:31 a.m.•8 views

python: Fix of CVE-2026-7210

CVE-2026-7210: when hash randomization is enabled, seed libexpat's hash-flooding protection in pyexpat with a full 16 bytes of entropy via XMLSetHashSalt16Bytes, detected at runtime through a weak symbol so it activates once the system libexpat exposes it, instead of the 4-8 byte XMLSetHashSalt...

7.5CVSS5.2AI score0.0079EPSS
Exploits0References1
CloudLinux
CloudLinux
•added 2026/06/11 8:1 p.m.•4 views

vim: Fix of CVE-2026-41411

CVE-2026-41411: fix OS command injection in tag file processing by disallowing backticks in the filename field before wildcard expansion upstream patch 9.2.0357...

6.6CVSS5.8AI score0.00501EPSS
Exploits0References1
CloudLinux
CloudLinux
•added 2026/06/11 8:0 p.m.•5 views

bind: Fix of CVE-2025-40778

CVE-2025-40778: Tighten restrictions on caching NS RRsets in the authority section require the NS owner name to be an ancestor of the queried name to prevent cache poisoning via spoofed records...

8.6CVSS6.6AI score0.00509EPSS
Exploits1References1
CloudLinux
CloudLinux
•added 2026/06/11 7:59 p.m.•5 views

mysql: Fix of 3 CVEs

CVE-2018-2562: fix DoS / data corruption in partitioned MEMORY tables Server: Partition - CVE-2018-2773: warn when --pid-file is in a world-writable location BUG26585560 - CVE-2018-3174: stop server as the mysql user in mysql.init so an attacker who controls the pid file cannot trick init into...

7.5CVSS6.6AI score0.03389EPSS
Exploits0References3
CloudLinux
CloudLinux
•added 2026/06/11 7:58 p.m.•6 views

dovecot: Fix of CVE-2017-14461

CVE-2017-14461: lib-mail: fix out-of-bounds read when parsing an invalid email address in parseaddrspec...

7.1CVSS6.7AI score0.16979EPSS
Exploits0References1
CloudLinux
CloudLinux
•added 2026/06/04 12:0 p.m.•10 views

ImageMagick: Fix of CVE-2026-30883

CVE-2026-30883: fix heap overflow when encoding PNG with oversized profile...

7.8CVSS7.5AI score0.00123EPSS
Exploits0References1
CloudLinux
CloudLinux
•added 2026/06/04 11:47 a.m.•12 views

perl: Fix of CVE-2026-8376

CVE-2026-8376: fix heap buffer overflow in Sstudychunk when compiling regular expressions with a repeated fixed string on 32-bit builds mincount l overflow...

9.8CVSS5.8AI score0.00398EPSS
Exploits1References1
CloudLinux
CloudLinux
•added 2026/05/30 10:24 a.m.•11 views

polkit: Fix of CVE-2018-1116

CVE-2018-1116: polkit trusts client-supplied UID in CheckAuthorization, allowing a local attacker to spoof or DoS the authentication-agent dialog of unrelated processes...

4.7CVSS5.5AI score0.01196EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/30 10:23 a.m.•21 views

bind: Fix of CVE-2026-1519

CVE-2026-1519: Limit NSEC3 iterations when validating referrals to unsigned delegations to avoid excessive CPU consumption...

7.5CVSS5.4AI score0.01545EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/30 10:23 a.m.•13 views

rsync: Fix of CVE-2026-41035

CVE-2026-41035: fix use-after-free in receivexattr by using tempxattr.count instead of the stale count in qsort...

7.8CVSS5.5AI score0.00393EPSS
Exploits1
CloudLinux
CloudLinux
•added 2026/05/29 3:17 p.m.•12 views

vim: Fix of CVE-2026-46483

CVE-2026-46483: fix command injection in the tar plugin's tarVimuntar function by using the correct shellescapetartail, 1 form so that a crafted .tgz filename cannot trigger cmdline-special expansion in the :! command...

7CVSS5.4AI score0.00552EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/28 2:32 p.m.•17 views

postfix: Fix of CVE-2026-43964

makedefs: support Linux kernel = 3 on build hosts - CVE-2026-43964: fix buffer over-read on enhanced status code without trailing text...

7.5CVSS6AI score0.00415EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/28 2:29 p.m.•11 views

samba: Fix of 2 CVEs

CVE-2019-3880: Refuse winreg SaveKey/RestoreKey RPCs to prevent writing registry hive files outside intended share boundaries via symlink races - CVE-2019-10218: Reject server-supplied filenames containing path separators in SMB1 directory listings to protect libsmbclient consumers from path...

6.5CVSS5.8AI score0.03515EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/28 2:28 p.m.•17 views

java-1.8.0-openjdk: Fix of 7 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u492-b09. That fixes following CVEs: - CVE-2026-22003: hotspot DoS via sandboxed Java Web Start/applets with untrusted code resource exhaustion - CVE-2026-22007: Security component, local high-complexity low-impact info disclosure -...

7.5CVSS5.9AI score0.00702EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/26 7:41 p.m.•16 views

rsync: Fix of 2 CVEs

CVE-2026-43618: fix integer overflow in compressed-token decoding that could leak rsync process memory contents over the wire - CVE-2026-29518: fix TOCTOU race on parent path components in non-chroot daemon by routing receiver/sender opens, chmod, and chdir through per- component ONOFOLLOW secure...

8.1CVSS5.9AI score0.0078EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/26 9:21 a.m.•13 views

nginx: Fix of CVE-2026-9256

CVE-2026-9256: fix heap buffer overflow with overlapping captures in ngxhttprewritemodule...

9.2CVSS6AI score0.04261EPSS
Exploits3
CloudLinux
CloudLinux
•added 2026/05/26 9:20 a.m.•12 views

php: Fix of CVE-2026-6735

CVE-2026-6735: fix XSS within FPM status endpoint...

8.8CVSS5.8AI score0.0021EPSS
Exploits1
CloudLinux
CloudLinux
•added 2026/05/21 3:40 p.m.•23 views

expat: Fix of CVE-2026-45186

CVE-2026-45186: fix quadratic runtime in attribute collision detection by using a hash table for default attribute names instead of an On^2 loop...

7.5CVSS5.8AI score0.00428EPSS
Exploits1
CloudLinux
CloudLinux
•added 2026/05/21 3:39 p.m.•11 views

dovecot: Fix of 2 CVEs

CVE-2026-42006: lib-imap: fix listcountlimit to actually count open '' instead of close '', preventing an imap-login memory-exhaustion DoS that bypassed the CVE-2026-27857 fix...

7.5CVSS5.8AI score0.00454EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/21 3:38 p.m.•12 views

tomcat6: Fix of CVE-2026-41284

CVE-2026-41284: tomcat6: WebDAV LOCK/PROPFIND unbounded request body DoS...

7.5CVSS5.8AI score0.0078EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/21 3:37 p.m.•11 views

httpd: Fix of 5 CVEs

CVE-2026-28780: modproxyajp 4-byte heap buffer overflow when contacting a malicious AJP backend off-by-AJPHEADERLEN check in ajpmsgcheckheader - CVE-2026-34059: modproxyajp heap over-read in ajpparsedata on short AJP replies - CVE-2026-33006: modauthdigest used non-constant-time strcmp for...

9.8CVSS6AI score0.01376EPSS
Exploits1
CloudLinux
CloudLinux
•added 2026/05/21 3:36 p.m.•10 views

php: Fix of CVE-2026-7262

CVE-2026-7262: fix NULL pointer dereference in SOAP apache map decoder typemap configured...

7.5CVSS5.8AI score0.0078EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/21 10:40 a.m.•11 views

vim: Fix of CVE-2026-42307

CVE-2026-42307: fix OS command injection in netrw plugin via crafted sftp:// URLs by hardening the tempfile suffix regex and escaping the tempfile argument before passing it to the sftp command...

4.4CVSS5.8AI score0.00774EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/21 10:39 a.m.•13 views

quagga: Fix of CVE-2018-5380

CVE-2018-5380: fix BGP NOTIFY debug-print msg array over-read...

4.3CVSS6.8AI score0.15107EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/21 10:38 a.m.•12 views

nginx: Fix of CVE-2026-42945

CVE-2026-42945: fix heap buffer overflow in ngxhttprewritemodule...

9.2CVSS6.2AI score0.61469EPSS
Exploits40
CloudLinux
CloudLinux
•added 2026/05/21 10:37 a.m.•18 views

php: Fix of 2 CVEs

CVE-2026-6722: Use-after-free in SOAP ext via stale refmap pointer - CVE-2026-7261: Use-after-free in SOAP after header parse failure with SOAPPERSISTENCESESSION...

9.8CVSS5.8AI score0.00739EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/16 3:42 p.m.•13 views

subversion: Fix of CVE-2018-11782

CVE-2018-11782: fix svnserve DoS via well-formed read-only get-deleted-rev request...

6.5CVSS6.7AI score0.02422EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/16 3:41 p.m.•8 views

libssh2: Fix of 2 CVEs

CVE-2019-3860: bounds-check SFTP packet sizes in sftppacketrequire/v and sftpbin2attr - CVE-2019-3861: bounds-check paddinglength in libssh2transportread...

9.1CVSS7AI score0.05118EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/14 7:23 p.m.•20 views

python: Fix of 4 CVEs

CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.init via a new validatehost helper to prevent CRLF header injection the glibc...

6.1CVSS6.9AI score0.05328EPSS
Exploits1
CloudLinux
CloudLinux
•added 2026/05/14 7:22 p.m.•9 views

curl: Fix of 2 CVEs

CVE-2018-1000120: fix buffer overflow exists in the FTP URL handling - CVE-2018-1000007: fix leak authentication data to third parties in HTTP requests...

9.8CVSS7AI score0.12058EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/14 7:22 p.m.•12 views

libssh2: Fix of CVE-2026-7598

CVE-2026-7598: add usernamelen/passwordlen bounds checks in userauthlist and userauthpassword to prevent integer overflow when allocating the SSH USERAUTHREQUEST packet buffer...

9.1CVSS7.2AI score0.00466EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/14 7:20 p.m.•14 views

samba: Fix of CVE-2017-15275

CVE-2017-15275: Fix server heap memory information leak by zeroing unused area when messagepushstring grows the talloc buffer...

7.5CVSS6.8AI score0.21408EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/13 8:59 a.m.•9 views

dovecot: Fix of CVE-2026-27857

CVE-2026-27857: imap-login: limit IMAP parser open lists to prevent excessive memory usage...

7.5CVSS5.8AI score0.00667EPSS
Exploits1
CloudLinux
CloudLinux
•added 2026/05/13 8:58 a.m.•13 views

openssh: Fix of CVE-2026-35386

CVE-2026-35386: fix client-side command execution via control characters in usernames by adding iscntrl rejection to validruser...

8.1CVSS5.9AI score0.00247EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/08 11:43 a.m.•13 views

bzip2: Fix of CVE-2019-12900

CVE-2019-12900: fix out-of-bounds write in BZ2decompress many selectors...

9.8CVSS6.8AI score0.0812EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/08 11:42 a.m.•13 views

httpd: Fix of 2 CVEs

CVE-2017-15710: modauthnzldap out-of-bounds write when accept-language header value is shorter than two characters - CVE-2017-15715: regex anchor in / can match before an embedded newline, allowing .htaccess bypass of trailing-extension filters...

8.1CVSS6.7AI score0.86006EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/08 11:41 a.m.•15 views

openssh: Fix of CVE-2026-35414

CVE-2026-35414: fix authorizedkeys principals option mishandling with comma-containing CA principals...

8.1CVSS6AI score0.00176EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/08 11:40 a.m.•18 views

exim: Fix of CVE-2026-40685

CVE-2026-40685: fix OOB heap write in dewrap during JSON expansion...

9.8CVSS6AI score0.00321EPSS
Exploits0
CloudLinux
CloudLinux
•added 2026/05/08 11:40 a.m.•20 views

libssh2: Fix of 2 CVEs

CVE-2019-13115: add bounds-checked stringbuf helpers and use them in diffiehellmansha1 to prevent out-of-bounds read on malformed KEX reply - CVE-2019-17498: harden bounds checks in SSHMSGDISCONNECT, SSHMSGDEBUG and SSHMSGGLOBALREQUEST handlers to prevent integer overflow / out-of-bounds read...

8.1CVSS6.8AI score0.11659EPSS
Exploits2
Total number of security vulnerabilities524