Lucene search
+L

5140 matches found

NVD
NVD
added 2026/06/24 9:16 p.m.10 views

CVE-2026-13201

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

7.3CVSS0.00122EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 8:39 p.m.13 views

CVE-2026-13201

CVE-2026-13201 concerns KubeVirt’s safepath package, where OpenAtNoFollow uses O_PATH|O_NOFOLLOW to obtain a descriptor for a path leaf, but downstream helpers access paths via /proc/self/fd/N. If the leaf is a symlink, the kernel dereferences it, bypassing intended no-follow protection. An attac...

7.3CVSS6AI score0.00122EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/06/24 8:15 p.m.25 views

CVE-2026-52814 Gogs: Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new...

6.9CVSS0.00547EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 8:15 p.m.29 views

CVE-2026-52814

CVE-2026-52814 affects Gogs’ built-in Go SSH server, where unauthenticated clients can stall the SSH handshake to exhaust file descriptors, spawning unbounded goroutines and causing FD exhaustion that disrupts SSH access. Connected advisories (GHSA-XP79-5MX3-JX52) confirm the vulnerability detail...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 8:15 p.m.5 views

CVE-2026-52814 Gogs: Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 6:32 p.m.9 views

EUVD-2026-38907

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate group add input before caching BUG OCFS2IOCGROUPADD can trigger a BUGON in ocfs2setnewbufferuptodate: kernel BUG at fs/ocfs2/uptodate.c:509! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP:...

6AI score0.00122EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/24 6:32 p.m.7 views

EUVD-2026-38873

In the Linux kernel, the following vulnerability has been resolved: afunix: Drop all SCM attributes for SOCKMAP. SOCKMAP can hide inflight fd from AFUNIX GC. When a socket in SOCKMAP receives skb with inflight fd, skpsockverdictdataready looks up the mapped socket and enqueue skb to its...

5.7AI score0.00129EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 6:32 p.m.9 views

EUVD-2026-38831

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...

5.7AI score0.00128EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/24 6:32 p.m.6 views

EUVD-2026-38832

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

5.7AI score0.00127EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 5:17 p.m.7 views

CVE-2026-53057

In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Add IOTINVAL after updating DDT/PDT entries Add riscviommuiodiriotinval to perform required TLB and context cache invalidations after updating DDT or PDT entries, as mandated by the RISC-V IOMMU specification Section...

8.8CVSS0.00127EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-53039

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate group add input before caching BUG OCFS2IOCGROUPADD can trigger a BUGON in ocfs2setnewbufferuptodate: kernel BUG at fs/ocfs2/uptodate.c:509! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP:...

5.5CVSS0.00122EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 5:17 p.m.8 views

CVE-2026-52996

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix durable fd leak on ClientGUID mismatch in durable v2 open ksmbdlookupfdcguid returns a ksmbdfile with its refcount incremented via ksmbdfpget. parsedurablehandlecontext in the DURABLEREQV2 case properly releases this...

5.5CVSS0.00135EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-52963

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...

5.5CVSS0.00128EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 5:17 p.m.9 views

CVE-2026-52964

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

5.5CVSS0.00127EPSS
Exploits0References5
OSV
OSV
added 2026/06/24 4:29 p.m.2 views

CVE-2026-53048 gfs2: prevent NULL pointer dereference during unmount

In the Linux kernel, the following vulnerability has been resolved: gfs2: prevent NULL pointer dereference during unmount When flushing out outstanding glock work during an unmount, gfs2logflush can be called when sdp-sdjdesc has already been deallocated and sdp-sdjdesc is NULL. Commit 35264909e9...

5.8AI score0.00172EPSS
Exploits0References10
CVE
CVE
added 2026/06/24 4:29 p.m.13 views

CVE-2026-53039

CVE-2026-53039 concerns the Linux kernel OCFS2 code where OCFS2_IOC_GROUP_ADD could trigger a BUG_ON in ocfs2_set_new_buffer_uptodate due to validating the group input too late. The root cause is user-controlled group block being cached before ocfs2_verify_group_and_input() validates it, and impr...

5.5CVSS6AI score0.00122EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/06/24 4:29 p.m.5 views

CVE-2026-53010 ksmbd: fix use-after-free in smb2_open during durable reconnect

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2open during durable reconnect In smb2open, the call to ksmbdputdurablefdfp drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs...

9.8CVSS5.8AI score0.00435EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.37 views

CVE-2026-53005 af_unix: Drop all SCM attributes for SOCKMAP.

In the Linux kernel, the following vulnerability has been resolved: afunix: Drop all SCM attributes for SOCKMAP. SOCKMAP can hide inflight fd from AFUNIX GC. When a socket in SOCKMAP receives skb with inflight fd, skpsockverdictdataready looks up the mapped socket and enqueue skb to its...

7.8CVSS0.00129EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 4:28 p.m.14 views

CVE-2026-52964

Summary of CVE-2026-52964 : A flaw in the Linux kernel’s ALSA USB-audio path (USB MIDI 2.0 endpoint parser) fails to validate descriptor lengths for the MIDI 2.0 endpoint, allowing a malformed device to cause out-of-bounds reads on baAssoGrpTrmBlkID[] due to walking endpoint extras before verifyi...

5.5CVSS5.7AI score0.00127EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:28 p.m.4 views

CVE-2026-52964

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

5.7AI score0.00127EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder