10 matches found
CVE-2026-45975
In the Linux kernel, the following vulnerability has been resolved: ublk: use READONCE to read struct ublksrvctrlcmd struct ublksrvctrlcmd is part of the iouringsqe, which may lie in userspace-mapped memory. It's racy to access its fields with normal loads, as userspace may write to them...
CVE-2026-23151
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix memory leak in setsspcomplete Fix memory leak in setsspcomplete where mgmtpendingcmd structures are not freed after being removed from the pending list. Commit 302a1f674c00 "Bluetooth: MGMT: Fix possible UAFs...
kernel: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind
A use-after-free vulnerability was found in the Linux kernel's Bluetooth HCI socket implementation. A race condition between socket bind and write operations allows mgmtpending to free a command structure while writeiter is still attempting to send it, resulting in use-after-free when the freed...
AZL-52287 CVE-2024-50008 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy field-spanning write warning in mwifiexcmd80211scanext Replace one-element array with a flexible-array member in struct hostcmdds80211scanext. With this, fix the following warning: elo 16 17:51:58...
Amazon Linux 2 : jetty (ALAS-2024-2394)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2394 advisory. Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a...
New Microsoft Incident Response team guide shares best practices for security teams and leaders
As enterprise networks grow in both size and complexity, securing them from motivated cyberthreat actors becomes more challenging. The incident response process can be a maze that security professionals must quickly learn to navigate—which is no easy task. Surprisingly, many organizations still...
New Microsoft Incident Response team guide shares best practices for security teams and leaders
As enterprise networks grow in both size and complexity, securing them from motivated cyberthreat actors becomes more challenging. The incident response process can be a maze that security professionals must quickly learn to navigate—which is no easy task. Surprisingly, many organizations still...
Eclipse Jetty Security Vulnerability
Eclipse Jetty is an open source, Java-based Web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in the Eclipse Jetty Canonical Repository that stems from allowing Servlet users with a very specific command structure to execute incorrect commands...
U.S. Proposes $1 Million Fine on Colonial Pipeline for Safety Violations After Cyberattack
The U.S. Department of Transportation's Pipeline and Hazardous Materials Safety Administration PHMSA has proposed a penalty of nearly $1 million to Colonial Pipeline for violating federal safety regulations, worsening the impact of the ransomware attack last year. The $986,400 penalty is the resu...
Epee Levin Packet Deserialization Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the Levin deserialization functionality of the epee library. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability. Tested Versions Monero...