Lucene search
K

950 matches found

FreeBSD
FreeBSD
added 2026/04/29 12:0 a.m.11 views

FreeBSD -- Stack overflow via select() file descriptor set overflow

Problem Description: When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select2's file descriptor set size limit of FDSETSIZE 1024. Impact: An attacker who is able to force a libnv applicati...

7.8CVSS5.4AI score0.00151EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/23 9:57 p.m.4 views

CVE-2026-41338

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...

5CVSS5.8AI score0.00088EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/23 1:24 a.m.7 views

SUSE CVE-2026-33610

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of error paths. This vulnerability may lead to an imbalance in reference counts...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.8 views

PT-2026-34447

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...

5.9CVSS5.8AI score0.00393EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.15 views

PowerDNS Authoritative 资源管理错误漏洞

PowerDNS Authoritative is a DNS server software developed by PowerDNS Corporation. PowerDNS Authoritative has a resource management vulnerability that can lead to a denial-of-service attack. This vulnerability occurs when the PowerDNS auxiliary servers forward DNS update requests to malicious...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.9 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007056)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007056 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INTMAX When sysctlnropen is set to a ver...

5.5CVSS5.6AI score0.00166EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007272)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007272 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring: drop any code related to SCMRIGHTS This is dead code after we dropped support for passin...

5.5CVSS6.3AI score0.00296EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/09 4:29 p.m.2 views

CVE-2026-39959

Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by...

7.1CVSS5.9AI score0.00124EPSS
Exploits0References2Affected Software2
Snyk
Snyk
added 2026/04/08 7:52 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of messages from D-Bus peers. An attacker can exhaust system resources, cause application crashes, or spoof signals by sending messages with excessive Unix file...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 7:52 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of messages from D-Bus peers. An attacker can exhaust system resources, cause application crashes, or spoof signals by sending messages with excessive Unix file...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.7 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006710)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006710 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INTMAX When sysctlnropen is set to a ver...

5.5CVSS5.8AI score0.00166EPSS
Exploits0References4
NVD
NVD
added 2026/04/07 9:17 p.m.5 views

CVE-2026-34045

Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection...

9.1CVSS0.00474EPSS
Exploits1References5
OSV
OSV
added 2026/03/30 8:16 p.m.4 views

ALPINE-CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

3.3CVSS7.1AI score0.00159EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/03/25 10:10 a.m.3 views

Security update 5.0.7 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Non-customer-facing optimization and update golang-github-boynux-squidexporter: Version update from 1.6.0 to 1.13.0 with the following highlighted changes and fixes jscPED-14971: Added compatibility for Squid 6...

4.6CVSS5.8AI score0.00324EPSS
Exploits1References24
NVD
NVD
added 2026/03/16 2:19 p.m.13 views

CVE-2026-32713

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic && instead of ||, allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors...

6.5CVSS0.00387EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/13 9:20 p.m.39 views

CVE-2026-32713 PX4 Autopilot MAVLink FTP Session Validation Logic Error Allows Operations on Invalid File Descriptors

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic && instead of ||, allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors...

4.3CVSS0.00387EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:20 p.m.5 views

CVE-2026-32713

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic && instead of ||, allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors...

4.3CVSS5.8AI score0.00387EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/13 9:20 p.m.31 views

CVE-2026-32713

CVE-2026-32713 affects the PX4 Autopilot MAVLink FTP subsystem. A logic error in session validation (using boolean AND instead of OR) permits BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors, enabling an unauthenticated attacker to put the FTP sub...

6.5CVSS5.8AI score0.00387EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/13 9:20 p.m.3 views

CVE-2026-32713 PX4 Autopilot MAVLink FTP Session Validation Logic Error Allows Operations on Invalid File Descriptors

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic && instead of ||, allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors...

4.3CVSS5.8AI score0.00387EPSS
Exploits1References1
Rows per page
Query Builder