|
2931
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
x86/fred: Correct speculative safety in fred_extint()
array_index_nospec() is no use if the result gets spilled to the stack, as
…
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-23354
|
2026-04-25 04:15 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2932
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
x86/fred: Corregir la seguridad especulativa en fred_extint()
array_index_nospec() no sirve de nada si el resultado se vuelca a …
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-23354
|
2026-04-25 04:15 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2933
|
4.3 |
MEDIUM
Network
|
wolfssh
|
wolfssh
|
Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which w…
|
CWE-126
CWE-125
Buffer Over-read
Out-of-bounds Read
|
CVE-2026-0930
|
2026-04-25 04:15 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2934
|
7.6 |
HIGH
Network
|
hkuds
|
openharness
|
HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exp…
|
CWE-287
Improper Authentication
|
CVE-2026-6729
|
2026-04-25 04:14 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2935
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ata: libata: cancel pending work after clearing deferred_qc
Syzbot reported a WARN_ON() in ata_scsi_deferred_qc_work(), caused by…
|
NVD-CWE-noinfo
|
CVE-2026-23355
|
2026-04-25 04:13 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2936
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
ata: libata: cancelar trabajo pendiente después de limpiar deferred_qc
Syzbot informó un WARN_ON() en ata_scsi_deferred_qc_work(…
|
NVD-CWE-noinfo
|
CVE-2026-23355
|
2026-04-25 04:13 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2937
|
6.5 |
MEDIUM
Network
|
nicolargo
|
glances
|
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API (`/api/4/*`) that is accessible without authentication and allows cr…
|
CWE-200
CWE-306
CWE-942
Information Exposure
Missing Authentication for Critical Function
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-34839
|
2026-04-25 04:09 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2938
|
3.3 |
LOW
Local
|
uutils
|
coreutils
|
A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S (split-string) option. In GNU env, backslashes within single quot…
|
CWE-20
Improper Input Validation
|
CVE-2026-35377
|
2026-04-25 04:06 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2939
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()
Even though we check that we "should" be able to do lc_get_cumulative()
whil…
|
CWE-617
Reachable Assertion
|
CVE-2026-23356
|
2026-04-25 04:06 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2940
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
drbd: corrige el 'LOGIC BUG' en drbd_al_begin_io_nonblock()
Aunque verificamos que "deberíamos" poder hacer lc_get_cumulative() …
|
CWE-617
Reachable Assertion
|
CVE-2026-23356
|
2026-04-25 04:06 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
