Lucene search
K

262 matches found

EUVD
EUVD
added 2026/05/12 12:31 a.m.9 views

EUVD-2026-29323

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...

6.9CVSS6AI score0.0021EPSS
Exploits0References4
CVE
CVE
added 2026/05/11 9:9 p.m.20 views

CVE-2026-34961

Barebox before 2026.04.0 has a heap out-of-bounds read in ext4 extent parsing due to missing validation of eh_entries against buffer capacity in fs/ext4/ext4_common.c. An attacker could supply a malicious ext4 image over USB, SD card, or network boot to trigger reads beyond the allocated buffer d...

7.7CVSS6AI score0.0021EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/11 9:9 p.m.33 views

CVE-2026-34961 barebox ext4 Extent Parsing Out-of-Bounds Read

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...

6.9CVSS0.0021EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/06 9:48 p.m.9 views

CVE-2026-43210

A flaw was found in the Linux kernel's tracing ring-buffer subsystem. This vulnerability occurs in the rbreaddatabuffer function, which fails to validate the length of an event before using it to determine the next memory address. If an event's length is corrupted, this can lead to an invalid...

6.1CVSS5.8AI score0.00127EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/04 3:53 p.m.5 views

CVE-2026-42372 D-Link DIR-605L A1 Hardcoded Telnet Backdoor Credentials

D-Link DIR-605L Hardware Revision A1 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35dlwbrdir605l" read from /etc/alphaconfig/imagesign. The custom telnetd binary...

8.8CVSS5.8AI score0.003EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-31481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registrati...

5.5CVSS5.9AI score0.00107EPSS
Exploits0References2
OSV
OSV
added 2026/04/24 3:16 p.m.6 views

DEBIAN-CVE-2026-31561

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

5.5CVSS5.3AI score0.00122EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 3:16 p.m.4 views

CVE-2026-31561

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

5.5CVSS0.00122EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/24 3:16 p.m.7 views

CVE-2026-31561

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

5.5CVSS5.4AI score0.00122EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/04/24 2:35 p.m.6 views

CVE-2026-31561

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

5.5CVSS5.3AI score0.00122EPSS
Exploits0
EUVD
EUVD
added 2026/04/24 2:35 p.m.7 views

EUVD-2026-25454

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

5.5AI score0.00122EPSS
Exploits0References4
CVE
CVE
added 2026/04/24 2:35 p.m.17 views

CVE-2026-31561

CVE-2026-31561 affects the Linux kernel: the fix removes the X86_CR4_FRED bit from the CR4 pinning mask to avoid a boot-time window where exceptions cannot be handled. The vulnerability is detailed as a problem where FRED was temporarily disabled during AP boot, which could let an attacker modify...

5.5CVSS5.5AI score0.00122EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/23 1:25 a.m.8 views

SUSE CVE-2026-31481

In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...

5.6AI score0.00107EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/22 3:31 p.m.6 views

EUVD-2026-24841

In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...

5.6AI score0.00107EPSS
Exploits0References3
NVD
NVD
added 2026/04/22 2:16 p.m.6 views

CVE-2026-31481

In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...

5.5CVSS0.00107EPSS
Exploits0References2
CVE
CVE
added 2026/04/22 1:54 p.m.21 views

CVE-2026-31481

CVE-2026-31481 affects the Linux kernel tracing code. The issue arises from boot-time trigger frees not being drained when kthread creation fails, causing boot-time deferred entries to leak and a NULL pointer dereference that crashes the system. The fix drains the entire queued list synchronously...

5.5CVSS5.6AI score0.00107EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/22 1:54 p.m.29 views

CVE-2026-31481 tracing: Drain deferred trigger frees if kthread creation fails

In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...

0.00107EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34330

Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NTSYSTEM privileges on boot. This issue affects all...

8.5CVSS5.9AI score0.00101EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34386

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the tracing component occurs when boot-time trigger registration fails before the trigger-data cleanup kthread is created. If kthread creation fails, the system fails to drain...

5.5CVSS5.1AI score0.00107EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013257)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013257 advisory. DISPUTED An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. physefisetvirtualaddressmap in arch/x86/platform/efi/efi.c and...

5.5CVSS7.2AI score0.00483EPSS
Exploits0References4
Rows per page
Query Builder