9482 matches found
CVE-2026-10536
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...
ALPINE-CVE-2026-10536
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...
CVE-2026-8925
The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the same pointer twice...
CVE-2026-8925
The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the same pointer twice...
CVE-2026-10536
CVE-2026-10536 describes a use-after-free in libcurl when an application builds an HTTP/2 stream-dependency tree with CURLOPT_STREAM_DEPENDS/CURLOPT_STREAM_DEPENDS_E, then calls curl_easy_reset() and ends with curl_easy_cleanup(). During final cleanup libcurl may access/modify an internal structu...
CVE-2026-10536 HTTP/2 stream-dependency tree UAF
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...
EUVD-2026-41497
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...
CVE-2026-10536 HTTP/2 stream-dependency tree UAF
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...
CVE-2026-10536
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...
EUVD-2026-37806
Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch...
CVE-2026-53358
A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol implementation. This vulnerability arises from an incorrect order of acquiring locks during channel cleanup, which could lead to a race condition. This issue could potentially cause instability or...
CVE-2026-53357
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2capsockcleanuplisten vs l2capconndel btacceptdequeue unlinks a not-yet-accepted child from the parent accept queue and releasesocks it before returning, so the returned sk has no caller reference and is...
CVE-2026-53358
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanuplisten l2capchanclose removes the channel from conn-chanl, which must be done under conn-lock. cleanuplisten runs under the parent sklock, so acquiring conn-lock would...
UBUNTU-CVE-2026-53358
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanuplisten l2capchanclose removes the channel from conn-chanl, which must be done under conn-lock. cleanuplisten runs under the parent sklock, so acquiring conn-lock would...
UBUNTU-CVE-2026-53357
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2capsockcleanuplisten vs l2capconndel btacceptdequeue unlinks a not-yet-accepted child from the parent accept queue and releasesocks it before returning, so the returned sk has no caller reference and is...
CVE-2026-53357 Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2capsockcleanuplisten vs l2capconndel btacceptdequeue unlinks a not-yet-accepted child from the parent accept queue and releasesocks it before returning, so the returned sk has no caller reference and is...
CVE-2026-53358
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanuplisten l2capchanclose removes the channel from conn-chanl, which must be done under conn-lock. cleanuplisten runs under the parent sklock, so acquiring conn-lock would...
EUVD-2026-41373
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanuplisten l2capchanclose removes the channel from conn-chanl, which must be done under conn-lock. cleanuplisten runs under the parent sklock, so acquiring conn-lock would...
CVE-2026-53358
The CVE-2026-53358 issue is in the Linux kernel Bluetooth L2CAP code. The vulnerability related to channel cleanup in cleanup_listen() was fixed by not calling l2cap_chan_close() under the incorrect lock order; instead, it now schedules l2cap_chan_timeout with a delay of 0 to close the channel as...
CVE-2026-53357
CVE-2026-53357 triggers a use-after-free in the Linux kernel Bluetooth stack (l2cap) when closing a listening socket: bt_accept_dequeue() temporarily holds the child, then cleanup_listen() may operate on a sk that has already been freed by l2cap_conn_del() during an HCI disconnect. The race occur...