Lucene search
K

346 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Protection was added to the device queue against concurrent access. In the dasdprofilestart function, the number of requests on the device queue is counted. However, access to the device queue is not protected against...

5.5CVSS5.1AI score0.0024EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: qrtr: A refcount bug was fixed in qrtrrecvmsg. Syzbot reported the following bugs: refcountt: Addition of 0; use-after-free. … RIP: 0010:refcountwarnsaturate+0x17c/0x1f0 lib/refcount.c:25 … Call Trace: refcountadd –...

5.5CVSS6.1AI score0.00131EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/13 4:43 a.m.13 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8CVSS5.8AI score0.00599EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.16 views

PT-2026-40167

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows TCP/IP allows an authorized attacker to elevate privileges locally...

7.8CVSS5.9AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.19 views

PT-2026-40154

Name of the Vulnerable Software and Affected Versions Windows TCP/IP affected versions not specified Description A race condition occurs due to concurrent execution using a shared resource with improper synchronization in Windows TCP/IP. This allows an authorized attacker to elevate privileges...

7.8CVSS5.9AI score0.00154EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/07 2:19 a.m.17 views

SUSE CVE-2026-43019

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in setcigparamssync hciconn lookup and field access must be covered by hdev lock in setcigparamssync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hciconn from...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 12:16 p.m.9 views

CVE-2026-43121

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix userref race between scrub and refill paths The iozcrxputniovuref function uses a non-atomic check-then-decrement pattern atomicread followed by separate atomicdec to manipulate userrefs. This is serialized...

4.7CVSS0.00088EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that xfrmpolicyfini does not wait for the RCU reader to complete before releasing the...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-37461

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the io uring/zcrx component on SMP systems between the scrub and refill paths. The io zcrx put niov uref function employs a non-atomic check-then-decrement...

4.7CVSS5.8AI score0.00088EPSS
Exploits0References22
ATTACKERKB
ATTACKERKB
added 2026/05/01 2:14 p.m.6 views

CVE-2026-31769

In the Linux kernel, the following vulnerability has been resolved: gpib: fix use-after-free in IO ioctl handlers The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpibdescriptor pointer after board-biggpibmutex has been released. A concurrent IBCLOSEDEV ioctl can free the descriptor via...

7.8CVSS5.7AI score0.00131EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/26 12:0 a.m.8 views

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014323)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014323 advisory. In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix missing hfsbnodeget in hfsbnodecreate When sync and link are called concurrently,...

5.3AI score0.00173EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

uutils coreutils has a Link Following issue

A Time-of-Check to Time-of-Use TOCTOU vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the ONOFOLLOW flag. An attacker with...

4.7CVSS5.6AI score0.00105EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34495

A Time-of-Check to Time-of-Use TOCTOU vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the O NOFOLLOW flag. An attacker with...

4.7CVSS5.9AI score0.00105EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.7 views

PT-2026-32816

Name of the Vulnerable Software and Affected Versions Windows Speech Brokered Api affected versions not specified Description A race condition occurs due to concurrent execution using a shared resource with improper synchronization. This allows an authorized attacker to elevate privileges locally...

7.8CVSS6.4AI score0.00205EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:15 p.m.2 views

CVE-2026-23441

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent concurrent access to IPSec ASO context The query or updating IPSec offload object is through Access ASO WQE. The driver uses a single mlx5eipsecaso struct for each PF, which contains a shared DMA-mapped context...

5.7AI score0.00089EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/03/26 5:16 p.m.11 views

CVE-2026-33009

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...

8.2CVSS0.00248EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/26 4:39 p.m.7 views

EUVD-2026-16250

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...

8.2CVSS5.8AI score0.00248EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:39 p.m.2 views

CVE-2026-33009

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...

8.2CVSS5.8AI score0.00248EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 4:27 p.m.2 views

CVE-2026-27814 EVerest EvseManager phase-switch path has unsynchronized shared-state access race condition

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race C++ UB triggered by an A 1-phase ↔ 3-phase switch request acswitchthreephaseswhilecharging during charging/waiting executes concurrently with the state machine loop. Version 2026.02.0 contains a patch...

4.2CVSS5.8AI score0.00134EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.3 views

CVE-2026-32398

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions.This issue affects TeraWallet – For WooCommerce: from n/a through = 1.5.15...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References1
Rows per page
Query Builder