Lucene search
K

2567 matches found

Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-44726

Name of the Vulnerable Software and Affected Versions OpenTelemetry-Go versions prior to 0.0.17 Description The go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 modules leak one file descriptor on each successful ParseFile call. This occurs because ParseFile opens the...

5.5CVSS5.8AI score0.00168EPSS
Exploits1References14
EUVD
EUVD
added 2026/05/27 3:33 p.m.9 views

EUVD-2026-32393

In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpfmapgetinfobyfd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPFOBJGETINFOBYFD t...

5.7AI score0.00092EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 12:18 p.m.24 views

CVE-2026-45966

CVE-2026-45966 concerns a Linux kernel/AppArmor regression. When receiving file descriptors via SCM_RIGHTS, both sock and sock->sk can be NULL, leading to NULL pointer dereferences in __unix_needs_revalidation() and a crash. The issue stems from added NULL checks in a new function without ensu...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/05/27 12:17 p.m.10 views

CVE-2026-45932

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPFPROGDETACH on tcx or netkit devices could be executed by any user when no program fd was provided, bypassing permission...

7.3CVSS5.7AI score0.00133EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43696

Name of the Vulnerable Software and Affected Versions libusb versions prior to 1.0.30 Description A NULL pointer dereference occurs when a malformed USB configuration descriptor is supplied. Specifically, if an interface claims bNumEndpoints greater than zero but is followed by a class-specific...

6.9CVSS5.3AI score0.00184EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.12 views

CVE-2026-45932

bpf: Fix tcx/netkit detach permissions when prog fd isnt given...

7.3CVSS5.8AI score0.00133EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.15 views

CVE-2026-46013

mm/memfdluo: fix physical address conversion in putfolios cleanup...

5.8AI score0.00107EPSS
Exploits0References2
OSV
OSV
added 2026/05/22 1:11 p.m.10 views

GHSA-4G75-9R48-JF92 ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking

An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met...

4.1CVSS5.8AI score0.00077EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/22 1:11 p.m.19 views

ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking

An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met...

4.1CVSS5.8AI score0.00077EPSS
Exploits0References3Affected Software17
EUVD
EUVD
added 2026/05/21 12:17 p.m.14 views

EUVD-2026-31272

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom primehandletofd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting...

5.9AI score0.00113EPSS
Exploits0References2
NVD
NVD
added 2026/05/21 10:16 a.m.15 views

CVE-2026-45251

A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, t...

7.8CVSS0.0017EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 9:20 a.m.7 views

CVE-2026-39461 select(2) file descriptor set overflow causes stack overflow

libcasper3 communicates with helper processes via UNIX domain sockets, and uses the select2 system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select2's descriptor set size limit of FDSETSIZE 1024. An attacker able to cause an...

5.8AI score0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 9:20 a.m.42 views

CVE-2026-39461 select(2) file descriptor set overflow causes stack overflow

libcasper3 communicates with helper processes via UNIX domain sockets, and uses the select2 system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select2's descriptor set size limit of FDSETSIZE 1024. An attacker able to cause an...

0.00172EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/21 9:4 a.m.9 views

EUVD-2026-31256

A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, t...

7.8CVSS5.7AI score0.0017EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 9:4 a.m.10 views

CVE-2026-45251 Kernel use-after-free via file descriptor syscalls

A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, t...

5.7AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 9:4 a.m.40 views

CVE-2026-45251 Kernel use-after-free via file descriptor syscalls

A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, t...

0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 9:4 a.m.60 views

CVE-2026-45251

CVE-2026-45251 describes a kernel use-after-free vulnerability: a file descriptor can be closed while a thread is blocked in poll(2)/select(2). The blocked thread does not hold a reference to the underlying object, so freeing the object may occur while the thread is still waiting. In some fd type...

7.8CVSS5.7AI score0.0017EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42397

Name of the Vulnerable Software and Affected Versions FreeBSD libcasper3 affected versions not specified Description libcasper3 communicates with helper processes via UNIX domain sockets and utilizes the select2 system call to wait for available data. The software fails to verify if the socket...

8.8CVSS5.8AI score0.00172EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

FreeBSD 资源管理错误漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a resource management vulnerability in FreeBSD. This vulnerability arises from threads being blocked during poll or select calls when file descriptors are closed. The kernel fails to remove the blocked threads...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.9 views

FreeBSD : FreeBSD -- Kernel use-after-free via file descriptor syscalls (ee21f41f-54b5-11f1-8d7a-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ee21f41f-54b5-11f1-8d7a-bc241121aa0a advisory. A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that...

7.8CVSS5.4AI score0.0017EPSS
Exploits0References2
Rows per page
Query Builder