Lucene search
K

68 matches found

Cvelist
Cvelist
added 2026/06/30 10:8 p.m.23 views

CVE-2026-56320 Capgo - Org/App Scope Mismatch in Device Creation Endpoint

Capgo before 12.128.2 contains an authorization flaw in POST /private/createdevice that accepts a caller-supplied orgid parameter without validating it matches the target app's owner organization. Authenticated attackers can create device records for an application using a foreign organization...

7.1CVSS0.00222EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.10 views

CVE-2026-56320

Capgo before 12.128.2 contains an authorization flaw in POST /private/create_device that accepts a caller-supplied org_id without validating it matches the target app’s owner organization. Authenticated attackers can create device records for an application using a foreign organization identifier...

7.1CVSS5.8AI score0.00222EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: hwmon: w83792d A NULL pointer dereferencing issue was addressed by removing unnecessary structure fields. If the driver reads a value that is sufficient for the condition: val & 0x08 && !val & 0x80 && val & 0x7 == val 4 & 0x7...

5.5CVSS6.3AI score0.00241EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tpm: tpmvtpmproxy: fixed a race condition in the creation of /dev/vtpmx. The /dev/vtpmx becomes visible before ‘workqueue’ is initialized, which can lead to memory corruption in the worst-case scenario. This issue is addressed by...

5.5AI score0.00177EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fixed a memory leak in kvmeiointcdestroy. In kvmioctlcreatedevice, kvmdevice allocates memory. kvmdevice-destroy seems to be supposed to free up the kvmdevice structure, but kvmeiointcDestroy does not do this...

5.2AI score0.00194EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Fixed a memory leak when thresholdcreatebank fails. In mcethresholdcreatedevice, if thresholdcreatebank fails, the previously allocated thresholdbanks array @bp will be leaked, because the call to...

5.5CVSS6.2AI score0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/30 10:34 a.m.29 views

CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlinknscapable check for peer netns rtnlnewlink lacks a CAPNETADMIN capability check on the peer network namespace when creating paired devices veth, vxcan, netkit. This allows an unprivileged user with a...

0.00119EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/02 9:36 a.m.9 views

CVE-2026-23028

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvmdevice leak in kvmipidestroy In kvmioctlcreatedevice, kvmdevice has allocated memory, kvmdevice-destroy seems to be supposed to free its kvmdevice struct, but kvmipidestroy is not currently doing this, that...

5AI score0.00194EPSS
Exploits0References4
CVE
CVE
added 2026/01/31 11:42 a.m.16 views

CVE-2026-23029

The CVE-2026-23029 entry describes a memory-leak in the LoongArch KVM path of the Linux kernel. In kvm_ioctl_create_device(), kvm_device is allocated, but the kvm_device->destroy() path (kvm_eiointc_destroy()) does not free the allocated kvm_device struct, leading to a leak. Multiple sources (...

5.7AI score0.00194EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002086)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002086 advisory. Use-after-free vulnerability in the kvmioctlcreatedevice function in virt/kvm/kvmmain.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of...

10CVSS7AI score0.10177EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002705)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002705 advisory. The dmgetfromkobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service BUG by leveraging a race condition...

4.7CVSS6.2AI score0.00328EPSS
Exploits0References20
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-23226

Malware in sbrugna...

4.3CVSS4.8AI score0.00781EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2025-27931

Malicious code in bioql PyPI...

6.4AI score0.00139EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-33245

Malicious code in bioql PyPI...

4.8CVSS5.4AI score0.00448EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-55329

Malicious code in bioql PyPI...

6.2AI score0.0014EPSS
Exploits0References2
NVD
NVD
added 2025/09/16 5:15 p.m.4 views

CVE-2023-53307

In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in dorbdadd when rbddevcreate fails If getting an ID or setting up a work queue in rbddevcreate fails, use-after-free on rbddev-rbdclient, rbddev-spec and rbddev-opts is triggered in dorbdadd. The root...

7.8CVSS0.00149EPSS
Exploits0References8
OSV
OSV
added 2025/09/16 5:15 p.m.4 views

DEBIAN-CVE-2023-53307

In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in dorbdadd when rbddevcreate fails If getting an ID or setting up a work queue in rbddevcreate fails, use-after-free on rbddev-rbdclient, rbddev-spec and rbddev-opts is triggered in dorbdadd. The root...

7.8CVSS5.7AI score0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/16 4:11 p.m.1 views

CVE-2023-53307 rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails

In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in dorbdadd when rbddevcreate fails If getting an ID or setting up a work queue in rbddevcreate fails, use-after-free on rbddev-rbdclient, rbddev-spec and rbddev-opts is triggered in dorbdadd. The root...

6.1AI score0.00149EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2025/09/16 4:11 p.m.4 views

CVE-2023-53307

In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in dorbdadd when rbddevcreate fails If getting an ID or setting up a work queue in rbddevcreate fails, use-after-free on rbddev-rbdclient, rbddev-spec and rbddev-opts is triggered in dorbdadd. The root...

7.8CVSS5.7AI score0.00149EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/09/02 7:19 a.m.5 views

kernel: xfrm: interface: fix use-after-free after changing collect_md xfrm interface

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collectmd xfrm interface collectmd property on xfrm interfaces can only be set on device creation, thus xfrmichangelink should fail when called on such interfaces. The check to...

7.8CVSS6.7AI score0.0014EPSS
Exploits0References5
Rows per page
Query Builder