958 matches found
CVE-2026-51605
A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.991 allows an unauthenticated remote attacker to cause a denial of service via a crafted TEARDOWN request...
CVE-2026-23556
When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...
EUVD-2026-42600
When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...
CVE-2026-23556
When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...
CVE-2026-51605
CVE-2026-51605 affects Tenda CP3 V3.0 firmware V31.1.9.991, specifically the RTSP service. A stack-based buffer overflow allows an unauthenticated remote attacker to cause a denial of service via a crafted TEARDOWN request. The available sources consistently describe the vulnerability type and im...
CVE-2026-51605
A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.991 allows an unauthenticated remote attacker to cause a denial of service via a crafted TEARDOWN request...
CVE-2026-51605
A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.991 allows an unauthenticated remote attacker to cause a denial of service via a crafted TEARDOWN request...
kernel: nvmet-tcp: fix race between ICReq handling and queue teardown
A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...
kernel: nvmet-tcp: fix race between ICReq handling and queue teardown
A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...
UBUNTU-CVE-2026-53352
In the Linux kernel, the following vulnerability has been resolved: signal: clear JOBCTLPENDINGMASK for caller in zapotherthreads When a multi-threaded process receives a stop signal e.g., SIGSTOP, dosignalstop sets JOBCTLSTOPPENDING and JOBCTLSTOPCONSUME on all threads and sets...
CVE-2026-53355
A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS over InfiniBand IB connection teardown process. When the rdsibsetupqp function fails to set up a connection, it may free a memory allocation isends without properly clearing the associated pointer. This can lead to a stale point...
BIT-ENVOY-2026-48090 Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk)
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late...
BIT-ENVOY-2026-47205 Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free UAF vulnerability leading to a sudden segmentation fault exists in Envoy's extauthz HTTP filter when processing per-route authorization overrides...
SUSE-SU-2026:22436-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-68822: Input: alps - fix use-after-free bugs caused by...
CVE-2026-10654
A race condition in the Zephyr Bluetooth Classic RFCOMM host stack subsys/bluetooth/host/classic/rfcomm.c mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown state BTRFCOMMSTATEDISCONNECTING, DISC sent, RTX timer armed and the connect...
CVE-2026-10654
The CVE-2026-10654 issue is a race in Zephyr’s Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c): when one side initiates a session teardown and the peer simultaneously sends a DISC for DLCI 0, rfcomm_handle_disc() forces the session to DISCONNECTED without calling bt_l...
CVE-2026-53314
In the Linux kernel, the following vulnerability has been resolved: padata: Put CPU offline callback in ONLINE section to allow failure syzbot reported the following warning: DEAD callback error for CPU1 WARNING: kernel/cpu.c:1463 at cpudown+0x759/0x1020 kernel/cpu.c:1463, CPU0: syz.0.1960/14614 ...
SUSE CVE-2026-53281
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption Commit 60f030f7418d "iommu/vt-d: Avoid use of NULL after WARNONONCE" fixed a NULL pointer dereference in an unlikely situation partly. If devpasid is not found in...
Linux Distros Unpatched Vulnerability : CVE-2026-53259
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv6: anycast: insert aca into global hash under idev-lock syzbot reported a splat 1: a slab-use-after- free in ipv6chkacastaddr, which walks the global...
Linux Distros Unpatched Vulnerability : CVE-2026-53175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - inet: frags: fix use-after-free caused by the fqdirpreexit flush On netns teardown, fqdirpreexit walks the fqdir rhashtable and flushes every fragment queue tha...