|
2261
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
x86/fred: Corregir la seguridad especulativa en fred_extint()
array_index_nospec() no sirve de nada si el resultado se vuelca a …
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-23354
|
2026-04-25 04:15 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2262
|
4.3 |
MEDIUM
Network
|
wolfssh
|
wolfssh
|
Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which w…
|
CWE-126
CWE-125
Buffer Over-read
Out-of-bounds Read
|
CVE-2026-0930
|
2026-04-25 04:15 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2263
|
7.6 |
HIGH
Network
|
hkuds
|
openharness
|
HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exp…
|
CWE-287
Improper Authentication
|
CVE-2026-6729
|
2026-04-25 04:14 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2264
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ata: libata: cancel pending work after clearing deferred_qc
Syzbot reported a WARN_ON() in ata_scsi_deferred_qc_work(), caused by…
|
NVD-CWE-noinfo
|
CVE-2026-23355
|
2026-04-25 04:13 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2265
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
ata: libata: cancelar trabajo pendiente después de limpiar deferred_qc
Syzbot informó un WARN_ON() en ata_scsi_deferred_qc_work(…
|
NVD-CWE-noinfo
|
CVE-2026-23355
|
2026-04-25 04:13 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2266
|
6.5 |
MEDIUM
Network
|
nicolargo
|
glances
|
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API (`/api/4/*`) that is accessible without authentication and allows cr…
|
CWE-200
CWE-306
CWE-942
Information Exposure
Missing Authentication for Critical Function
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-34839
|
2026-04-25 04:09 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2267
|
3.3 |
LOW
Local
|
uutils
|
coreutils
|
A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S (split-string) option. In GNU env, backslashes within single quot…
|
CWE-20
Improper Input Validation
|
CVE-2026-35377
|
2026-04-25 04:06 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2268
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()
Even though we check that we "should" be able to do lc_get_cumulative()
whil…
|
CWE-617
Reachable Assertion
|
CVE-2026-23356
|
2026-04-25 04:06 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2269
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
drbd: corrige el 'LOGIC BUG' en drbd_al_begin_io_nonblock()
Aunque verificamos que "deberíamos" poder hacer lc_get_cumulative() …
|
CWE-617
Reachable Assertion
|
CVE-2026-23356
|
2026-04-25 04:06 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2270
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
can: mcp251x: fix deadlock in error path of mcp251x_open
The mcp251x_open() function call free_irq() in its error path with the
m…
|
CWE-667
Improper Locking
|
CVE-2026-23357
|
2026-04-25 04:04 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
