Lucene search
K

1214 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53349

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nfconntrack: destroy stale expectfn expectations on unregister NAT helpers such as nfnath323 store a raw pointer to module text in exp-expectfn e.g...

6AI score0.00161EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 1:32 p.m.7 views

EUVD-2026-40983

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrack: destroy stale expectfn expectations on unregister NAT helpers such as nfnath323 store a raw pointer to module text in exp-expectfn e.g. ipnatq931expect. nfcthelperexpectfnunregister only unlinks the callba...

5.9AI score0.00161EPSS
Exploits0References6
OSV
OSV
added 2026/07/01 12:16 a.m.4 views

DEBIAN-CVE-2026-54901

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse,...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 6:29 a.m.24 views

CVE-2026-14164

CVE-2026-14164 concerns libarchive’s RAR5 reader. A double-free arises when a filtered_buf pointer remains stale after being freed during unpack state reinitialization, allowing a second free on processing a subsequent archive entry. The issue is triggered by parsing a specially crafted RAR5 arch...

7.5CVSS5.7AI score0.0035EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-52976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe: Fix error cleanup in xeexecqueuecreateioctl Two error handling issues exist in xeexecqueuecreateioctl: 1. When xehwenginegroupaddexecqueue fails, the...

7.8CVSS6AI score0.00128EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 6:17 p.m.9 views

CVE-2026-52976

A flaw was found in the Linux kernel. Specifically, within the drm/xe graphics driver, two error handling issues in the xeexecqueuecreateioctl function could lead to memory corruption. This could result in a dangling pointer or a use-after-free vulnerability. A local attacker could potentially...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-52976

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix error cleanup in xeexecqueuecreateioctl Two error handling issues exist in xeexecqueuecreateioctl: 1. When xehwenginegroupaddexecqueue fails, the error path jumps to putexecqueue which skips xeexecqueuekill. If the VM...

7.8CVSS0.00128EPSS
Exploits0References7
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.13 views

UAF after pause in socket callback

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

7.3CVSS5.7AI score0.00494EPSS
Exploits1References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.5 views

CVE-2026-52923

In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...

7.8CVSS5.6AI score0.00127EPSS
Exploits0References9Affected Software1
EUVD
EUVD
added 2026/06/24 7:14 a.m.13 views

EUVD-2026-38726

In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...

5.7AI score0.00127EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51870

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Two error handling issues exist within the drm/xe graphics driver in the xe exec queue create ioctl function. The first issue occurs when xe hw engine group add exec queue fails; the err...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51716

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the checkpoint/restore sysctl path where the ipc idr alloc function forwards requests to idr alloc with an open-ended upper bound. When the valid SysV IPC id space is...

7.8CVSS5.7AI score0.00127EPSS
Exploits0References402
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux

A vulnerability was discovered in the Linux kernel, where the function sunkbdreinit was executed after sunkbdinterrupt had been called, even before sunkbd was freed. Although the dangling pointer is set to NULL in sunkbddisconnect, there is still an alias in sunkbdreinit that leads to a...

7.8CVSS6.4AI score0.00627EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/19 10:55 a.m.9 views

EUVD-2026-38004

A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decodemove function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker could exploit this by...

6.5CVSS6AI score0.00245EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51084

Name of the Vulnerable Software and Affected Versions oj gem affected versions not specified Description A heap use-after-free occurs in Oj::Parserparse when a SAJ/SAJ2 callback mutates the input JSON string during the parsing process. The C engine maintains a raw pointer to the Ruby string's...

8.7CVSS6AI score0.00117EPSS
Exploits0References5
NVD
NVD
added 2026/06/18 2:17 p.m.15 views

CVE-2026-9158

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory use-after-free...

9.8CVSS0.00304EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 2:10 p.m.10 views

EUVD-2026-37896

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory use-after-free...

7.2CVSS5.3AI score0.00304EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 2:10 p.m.9 views

CVE-2026-9158

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory use-after-free...

7.2CVSS5.3AI score0.00304EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50686

Name of the Vulnerable Software and Affected Versions Eclipse 4diac FORTE versions 3.0.0 through 3.1.0 Description A specially crafted DELETE connection command sent to the management interface can cause a dangling pointer. This condition enables a use-after-free scenario, where subsequent comman...

9.8CVSS5.8AI score0.00304EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/15 2:29 a.m.7 views

kernel: net: af_can: do not leave a dangling sk pointer in can_create()

In the Linux kernel, the following vulnerability has been resolved: net: afcan: do not leave a dangling sk pointer in cancreate On error cancreate frees the allocated sk object, but sockinitdata has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock...

7.8CVSS6.1AI score0.00226EPSS
Exploits0References5
Rows per page
Query Builder