17898 matches found

OSV
added 2026/06/26 8:17 p.m. | 3 views

DEBIAN-CVE-2026-53295

In the Linux kernel, the following vulnerability has been resolved: mailbox: add sanity check for channel array. Fail gracefully if there is no channel array attached to the mailbox controller. Otherwise the later dereference will cause an OOPS which might not be seen because mailbox controllers...

AI score: 5.7 | EPSS: 0.00177
Exploits: 0 | References: 1

OSV
added 2026/06/26 8:17 p.m. | 2 views

DEBIAN-CVE-2026-53296

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free channels on probe error. On probe error, free the previously obtained channels. This not only prevents a leak, but also UAF scenarios because the client structure will be removed nonetheless because it...

AI score: 5.7 | EPSS: 0.00176
Exploits: 0 | References: 1

NVD
added 2026/06/26 8:17 p.m. | 7 views

CVE-2026-53295

In the Linux kernel, the following vulnerability has been resolved: mailbox: add sanity check for channel array. Fail gracefully if there is no channel array attached to the mailbox controller. Otherwise the later dereference will cause an OOPS which might not be seen because mailbox controllers...

EPSS: 0.00177
Exploits: 0 | References: 8

NVD
added 2026/06/26 8:17 p.m. | 7 views

CVE-2026-53294

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: don't free the reused channel. The RX channel can be aliased to the TX channel if it has a different MMIO. This special case needs to be handled when freeing the channels otherwise a double-free occurs...

EPSS: 0.00177
Exploits: 0 | References: 8

OSV
added 2026/06/26 8:17 p.m. | 2 views

UBUNTU-CVE-2026-53295

In the Linux kernel, the following vulnerability has been resolved: mailbox: add sanity check for channel array. Fail gracefully if there is no channel array attached to the mailbox controller. Otherwise the later dereference will cause an OOPS which might not be seen because mailbox controllers...

AI score: 5.7 | EPSS: 0.00177
Exploits: 0 | References: 11

Debian CVE
added 2026/06/26 7:41 p.m. | 5 views

CVE-2026-53306

In the Linux kernel, the following vulnerability has been resolved: tty: hvc_iucv: fix off-by-one in number of supported devices. MAX_HVC_IUCV_LINES == HVC_ALLOC_TTY_ADAPTERS == 8. This is the number of entries in: static struct hvc_iucv_private *hvc_iucv_table[MAX_HVC_IUCV_LINES]; Sometimes hvc_iucv_table is limite...

AI score: 5.8 | EPSS: 0.00177
Exploits: 0

EUVD
added 2026/06/26 7:40 p.m. | 6 views

EUVD-2026-39900

In the Linux kernel, the following vulnerability has been resolved: mailbox: add sanity check for channel array. Fail gracefully if there is no channel array attached to the mailbox controller. Otherwise the later dereference will cause an OOPS which might not be seen because mailbox controllers...

AI score: 5.8 | EPSS: 0.00177
Exploits: 0 | References: 8

Debian CVE
added 2026/06/26 7:40 p.m. | 5 views

CVE-2026-53295

In the Linux kernel, the following vulnerability has been resolved: mailbox: add sanity check for channel array. Fail gracefully if there is no channel array attached to the mailbox controller. Otherwise the later dereference will cause an OOPS which might not be seen because mailbox controllers...

AI score: 5.7 | EPSS: 0.00177
Exploits: 0

CVE
added 2026/06/26 7:40 p.m. | 10 views

CVE-2026-53295

CVE-2026-53295 (Linux kernel): The mailbox subsystem contains a missing sanity check for the channel array on a mailbox controller. If no channel array is attached, subsequent dereferencing can trigger an OOPS, potentially not visible because mailbox controllers may initialize very early. The fi...

AI score: 5.8 | EPSS: 0.00177
Exploits: 0 | References: 8

EUVD
added 2026/06/26 7:40 p.m. | 8 views

EUVD-2026-39899

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: don't free the reused channel. The RX channel can be aliased to the TX channel if it has a different MMIO. This special case needs to be handled when freeing the channels otherwise a double-free occurs...

AI score: 5.8 | EPSS: 0.00177
Exploits: 0 | References: 8

CVE
added 2026/06/26 7:40 p.m. | 11 views

CVE-2026-53294

The CVE-2026-53294 entry concerns the Linux kernel mailbox subsystem. The issue arises in mailbox-test where the RX channel can be aliased to the TX channel if they have different MMIO, creating a special case that can lead to a double-free when freeing channels. The public descriptions indicate ...

AI score: 5.8 | EPSS: 0.00177
Exploits: 0 | References: 8

EUVD
added 2026/06/26 7:5 a.m. | 6 views

EUVD-2026-39627

The Apache Airflow FTP provider's FTPSHook.get_conn created an ftplib.FTP_TLS connection but never called prot_p, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00264
Exploits: 0 | References: 2

Cvelist
added 2026/06/26 7:5 a.m. | 37 views

CVE-2026-49486 Apache Airflow FTP provider: FTP Provider does not protect FTPS data channel (missing PROT_P)

The Apache Airflow FTP provider's FTPSHook.get_conn created an ftplib.FTP_TLS connection but never called prot_p, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed...

EPSS: 0.00264
Exploits: 0 | References: 2

CVE
added 2026/06/26 7:5 a.m. | 15 views

CVE-2026-49486

The CVE concerns the Apache Airflow FTP provider. The FTPSHook.get_conn() creates an ftplib.FTP_TLS connection but does not call prot_p(), leaving the data channel unencrypted even though the control channel is TLS-protected. This exposes file contents and credentials-in-transit to anyone who can...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00264
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2026/06/26 2:16 a.m. | 10 views

CVE-2026-50741

Bypass to the fix for CVE-2026-34916. Variants of such vectors have also been reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...

CVSS: 8.8 | EPSS: 0.02734
Exploits: 0 | References: 2

Cvelist
added 2026/06/26 1:11 a.m. | 37 views

CVE-2026-50741

Bypass to the fix for CVE-2026-34916. Variants of such vectors have also been reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...

CVSS: 8.8 | EPSS: 0.02734
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/26 12:0 a.m. | 15 views

PT-2026-52668

Name of the Vulnerable Software and Affected Versions: apache-airflow-providers-ftp versions prior to 3.15.1. Description: The FTPSHook.get_conn function in the Apache Airflow FTP provider creates an ftplib.FTP_TLS connection without calling prot_p. This results in the data channel being transmitted...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00264
Exploits: 0 | References: 8

Positive Technologies
added 2026/06/26 12:0 a.m. | 12 views

PT-2026-52934

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An issue exists in the mailbox component where the system fails to perform a sanity check for the channel array. If no channel array is attached to the mailbox controller, a subsequent...

AI score: 5.8 | EPSS: 0.00177
Exploits: 0 | References: 11

Positive Technologies
added 2026/06/26 12:0 a.m. | 21 views

PT-2026-52933

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An issue exists in the mailbox-test component where a double-free occurs during the process of freeing channels. This happens because the RX channel can be aliased to the TX channel if i...

AI score: 5.7 | EPSS: 0.00177
Exploits: 0 | References: 11

Positive Technologies
added 2026/06/26 12:0 a.m. | 14 views

PT-2026-52649

Bypass to the fix for CVE-2026-34916. Variants of such vectors have also been reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.02734
Exploits: 0 | References: 9