Lucene search
K

2567 matches found

FreeBSD Advisory
FreeBSD Advisory
added 2026/05/20 12:0 a.m.9 views

FreeBSD-SA-26:19.file

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:19.file Security Advisory The FreeBSD Project Topic: Kernel use-after-free via file descriptor syscalls Category: core Module: file Announced: 2026-05-20...

7.8CVSS5.9AI score0.0017EPSS
Exploits0
FreeBSD
FreeBSD
added 2026/05/20 12:0 a.m.14 views

FreeBSD -- Kernel use-after-free via file descriptor syscalls

Problem Description: A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked...

7.8CVSS5.8AI score0.0017EPSS
Exploits0
NVD
NVD
added 2026/05/19 4:16 p.m.20 views

CVE-2026-5804

An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...

8.4CVSS0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 2:42 p.m.9 views

CVE-2026-5804

An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...

8.4CVSS5.8AI score0.00162EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 2:42 p.m.12 views

CVE-2026-5804

An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...

8.4CVSS5.8AI score0.00162EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.16 views

PT-2026-41947

An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...

8.4CVSS5.8AI score0.00162EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 2:12 p.m.20 views

CVE-2026-39455

CVE-2026-39455 affects the BIG-IP Configuration utility when LDAP authentication is used. Undisclosed traffic can cause the httpd process to exhaust file descriptors, leading to a denial‑of‑service where the Configuration utility stops responding until httpd is restarted. Exploitation: remote, un...

8.7CVSS5.8AI score0.003EPSS
Exploits0References1Affected Software21
OSV
OSV
added 2026/05/12 3:28 p.m.5 views

CLSA-2026-1778599722 Fix CVE(s): CVE-2026-4878

SECURITY UPDATE: TOCTOU race condition in capsetfile - debian/patches/CVE-2026-4878.patch: open the target file and operate on /proc/self/fd/N so the inode is locked between the regular-file check and the xattr update - CVE-2026-4878...

7CVSS5.8AI score0.00188EPSS
Exploits1References1
NVD
NVD
added 2026/05/08 3:16 p.m.8 views

CVE-2026-43389

In the Linux kernel, the following vulnerability has been resolved: mm: memfdluo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its opposite. Since a clean folio has no user data, it can be freed under memory pressure. memfd preservation with LUO saves t...

5.5CVSS0.00107EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 2:21 p.m.32 views

CVE-2026-43389 mm: memfd_luo: always dirty all folios

In the Linux kernel, the following vulnerability has been resolved: mm: memfdluo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its opposite. Since a clean folio has no user data, it can be freed under memory pressure. memfd preservation with LUO saves t...

0.00107EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.9 views

RHCOS 4 : Red Hat build of MicroShift 4.16.24 (RHSA-2024:10149)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10149 advisory. - runc: file descriptor leak CVE-2024-21626 Note that Nessus has not tested for this issue but has instead relied only on the application's...

8.6CVSS7AI score0.18087EPSS
Exploits18References5
NVD
NVD
added 2026/05/01 2:16 p.m.5 views

CVE-2026-31713

In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...

5.5CVSS0.00115EPSS
Exploits0References3
CVE
CVE
added 2026/05/01 1:56 p.m.21 views

CVE-2026-31718

The CVE-2026-31718 entries describe a use-after-free in ksmbd (Linux kernel in-kernel SMB3 server) triggered when a durable file handle survives a session disconnect. The root cause is an asymmetric cleanup of lock state: byte-range locks left on a freed conn->lock_list after fp->conn is nu...

9.8CVSS5.7AI score0.00356EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2026/05/01 1:56 p.m.4 views

CVE-2026-31718

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdclosefd via durable scavenger When a durable file handle survives session disconnect TCP close without SMB2LOGOFF, sessionfdcheck sets fp-conn = NULL to preserve the handle for later reconnection...

9.8CVSS5.7AI score0.00356EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.8 views

PT-2026-36343

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the FUSE Filesystem in Userspace component where the filesystem creation process can hang if the server exits due to an error or crash while processing FUSE INIT during...

9.8CVSS6.1AI score0.93235EPSS
Exploits33References291
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the persistent cleaner in ksmbd, which reuses memory after release in ksmbdclosefd, potentially...

9.8CVSS5.8AI score0.00356EPSS
Exploits0References1
NVD
NVD
added 2026/04/30 9:16 a.m.5 views

CVE-2026-39457

When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select2's file descriptor set size limit of FDSETSIZE 1024. An attacker who is able to force a libnv application to allocate large file...

7.8CVSS0.00151EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/30 8:1 a.m.8 views

EUVD-2026-26356

When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select2's file descriptor set size limit of FDSETSIZE 1024. An attacker who is able to force a libnv application to allocate large file...

7.8CVSS5.3AI score0.00151EPSS
Exploits0References1
CVE
CVE
added 2026/04/30 8:1 a.m.42 views

CVE-2026-39457

CVE-2026-39457 concerns the libnv library. The issue arises when exchanging data over a socket: libnv uses select(2) but does not verify that the socket descriptor fits within FD_SETSIZE (1024). This can allow an attacker to cause stack corruption by forcing a process to allocate many file descri...

7.8CVSS5.3AI score0.00151EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.4 views

FreeBSD : FreeBSD -- Stack overflow via select() file descriptor set overflow (892fabf5-4435-11f1-bb07-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 892fabf5-4435-11f1-bb07-bc241121aa0a advisory. When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not...

7.8CVSS5.8AI score0.00151EPSS
Exploits0References2
Rows per page
Query Builder