Lucene search
K

543 matches found

RedHat Linux
RedHat Linux
added 2026/06/17 4:6 p.m.6 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter. A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for...

7.8CVSS5.3AI score0.00154EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 3:13 p.m.12 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

7.8CVSS5.3AI score0.0014EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 12:19 p.m.8 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter. A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for...

7.8CVSS5.4AI score0.00154EPSS
Exploits0References7
NVD
NVD
added 2026/06/12 7:16 p.m.14 views

CVE-2026-42932

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...

6.9CVSS0.00233EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:21 p.m.17 views

CVE-2026-50244 Naxclow IoT Platform Missing Authorization

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...

6.9CVSS5.4AI score0.00221EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:17 p.m.11 views

EUVD-2026-36532

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...

6.9CVSS5.2AI score0.00233EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:17 p.m.30 views

CVE-2026-42932 Naxclow IoT Platform Generation of Predictable Numbers or Identifiers

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...

6.9CVSS0.00233EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48952

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...

6.9CVSS5.2AI score0.00233EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.7 views

Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2026-1790)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1790 advisory. A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer...

7.8CVSS7.4AI score0.00485EPSS
Exploits0References20
NVD
NVD
added 2026/06/05 12:16 p.m.11 views

CVE-2026-50260

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter. A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for...

7.8CVSS0.00154EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:36 a.m.7 views

CVE-2026-50261

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

7.8CVSS5.4AI score0.0014EPSS
Exploits0References11
CVE
CVE
added 2026/06/05 10:36 a.m.40 views

CVE-2026-50261

The CVE-2026-50261 entry describes a use-after-free in the X.Org X server and Xwayland related to SyncChangeCounter(). A client that creates multiple SyncCounters can trigger a use-after-free when those counters are destroyed via a second client connection during a change, potentially crashing th...

7.8CVSS5.4AI score0.0014EPSS
Exploits0References13Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:36 a.m.6 views

CVE-2026-50260

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter. A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for...

7.8CVSS5.4AI score0.00154EPSS
Exploits0References11
CVE
CVE
added 2026/06/05 10:36 a.m.43 views

CVE-2026-50260

The CVE-2026-50260 entry concerns the X.Org X server and Xwayland, where a use-after-free in FreeCounter() can be triggered by a client that sets up multiple SyncCounters and destroys them via a second client connection. The consequence is potential server crash and, if the X server runs as root,...

7.8CVSS5.4AI score0.00154EPSS
Exploits0References13Affected Software3
Vulnrichment
Vulnrichment
added 2026/06/05 10:36 a.m.7 views

CVE-2026-50260 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter. A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for...

7.8CVSS5.4AI score0.00154EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/29 1:14 a.m.14 views

SUSE CVE-2026-46233

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadvblapurgeclaims goes through the list of claims, it is only traversing the hash list with an rcureadlock. Due to a potential parallel batadvclaimput, it can happen that it...

4.7CVSS5.7AI score0.00119EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:40 a.m.7 views

CVE-2026-46233

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadvblapurgeclaims goes through the list of claims, it is only traversing the hash list with an rcureadlock. Due to a potential parallel batadvclaimput, it can happen that it...

5.8AI score0.00119EPSS
Exploits0References9Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/28 2:56 a.m.10 views

CVE-2026-45897

A flaw was found in the Linux kernel's netfilter component, specifically in how network counters are handled. This vulnerability allows for a race condition during simultaneous operations to read and reset these counters. As a result, counter values could be incorrectly reduced, leading to...

5.5CVSS5.8AI score0.00137EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 12:17 p.m.37 views

CVE-2026-45920 ext4: fix dirtyclusters double decrement on fs shutdown

In the Linux kernel, the following vulnerability has been resolved: ext4: fix dirtyclusters double decrement on fs shutdown fstests test generic/388 occasionally reproduces a warning in ext4putsuper associated with the dirty clusters count: WARNING: CPU: 7 PID: 76064 at fs/ext4/super.c:1324...

0.00146EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43727

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter nf conncount component where the connection list may not be cleaned up quickly enough if more than 8 new connections are tracked per jiffy. This occurs...

7.5CVSS5.4AI score0.00686EPSS
Exploits0
Rows per page
Query Builder