Lucene search
K

84 matches found

Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-53019

Name of the Vulnerable Software and Affected Versions python-socketio versions prior to 5.16.2 Description The server stores binary EVENT and ACK messages in memory while awaiting their binary attachments. An attacker can trigger a memory exhaustion issue by submitting a binary message and...

7.5CVSS5.8AI score
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure context reset on disconnect After the committed code below, if the MPC subflow is already in the TCPCLOSE status or has fallen back to TCP at the mptcpdisconnect time, mptcpdofastclose skips setting the sendfastclos...

5.5CVSS5.8AI score0.00116EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:58 p.m.7 views

CVE-2026-46074

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an...

5.8AI score0.00119EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/19 4:22 p.m.9 views

freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This double free vulnerability occurs during the cleanup process when a remote desktop session disconnects. Specifically, if a title allocation fails, a pointer to an application window is freed but not removed fro...

7.5CVSS5.8AI score0.00476EPSS
Exploits1References12
EUVD
EUVD
added 2026/05/01 2:14 p.m.12 views

EUVD-2026-26573

In the Linux kernel, the following vulnerability has been resolved: gpib: lpvousb: fix memory leak on disconnect The driver iterates over the registered USB interfaces during GPIB attach and takes a reference to their USB devices until a match is found. These references are never released which...

5.8AI score0.00121EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.7 views

PT-2026-36395

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the lpvo usb driver within the GPIB subsystem. During the GPIB attach process, the driver iterates through registered USB interfaces and acquires references to US...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References7
OSV
OSV
added 2026/04/25 5:49 a.m.6 views

OESA-2026-2076 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcpsksk-fastopenrsk in tcpdisconnect. syzbot reported the splat below where a socket had tcpsksk-fastopenrsk in the TCPESTABLISHED state. 0 syzbot...

9.8CVSS5.6AI score0.00488EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/04/25 1:38 a.m.13 views

SUSE CVE-2026-31581

In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: fix use-after-free on disconnect In usb6firechipabort, the chip struct is allocated as the card's private data via sndcardnew with sizeofstruct sfirechip. When sndcardfreewhenclosed is called and no file handles are...

6.4CVSS5.6AI score0.00128EPSS
Exploits0References7
OSV
OSV
added 2026/04/24 3:16 p.m.7 views

DEBIAN-CVE-2026-31582

In the Linux kernel, the following vulnerability has been resolved: hwmon: powerz Fix use-after-free on USB disconnect After powerzdisconnect frees the URB and releases the mutex, a subsequent powerzread call can acquire the mutex and call powerzreaddata, which dereferences the freed URB pointer...

7.8CVSS5.3AI score0.00125EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:45 p.m.5 views

CVE-2026-31651

In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix NULL-deref on disconnect Make sure to deregister the controller before dropping the reference to the driver data on disconnect to avoid NULL-pointer dereferences or use-after-free...

5.3AI score0.00111EPSS
Exploits0References9Affected Software1
EUVD
EUVD
added 2026/04/24 2:45 p.m.14 views

EUVD-2026-25543

In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix use-after-free on disconnect The vub300 driver maintains an explicit reference count for the controller and its driver data and the last reference can in theory be dropped after the driver has been unbound. This...

5.5AI score0.00115EPSS
Exploits0References3
CVE
CVE
added 2026/04/24 2:45 p.m.23 views

CVE-2026-31650

The CVE concerns the Linux kernel mmc vub300 driver. The root cause is a use-after-free risk from device-managed controller allocation and a lifetime tie to the parent USB device rather than the interface, which can cause memory leaks if the driver is unbound without a disconnect. A last referenc...

7.8CVSS5.5AI score0.00115EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/24 2:45 p.m.52 views

CVE-2026-31650 mmc: vub300: fix use-after-free on disconnect

In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix use-after-free on disconnect The vub300 driver maintains an explicit reference count for the controller and its driver data and the last reference can in theory be dropped after the driver has been unbound. This...

0.00115EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/24 2:42 p.m.17 views

EUVD-2026-25475

In the Linux kernel, the following vulnerability has been resolved: hwmon: powerz Fix use-after-free on USB disconnect After powerzdisconnect frees the URB and releases the mutex, a subsequent powerzread call can acquire the mutex and call powerzreaddata, which dereferences the freed URB pointer...

5.4AI score0.00125EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/24 2:42 p.m.33 views

CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect

In the Linux kernel, the following vulnerability has been resolved: hwmon: powerz Fix use-after-free on USB disconnect After powerzdisconnect frees the URB and releases the mutex, a subsequent powerzread call can acquire the mutex and call powerzreaddata, which dereferences the freed URB pointer...

0.00125EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.16 views

PT-2026-34934

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the hwmon powerz component during USB disconnection. When powerz disconnect frees the URB USB Request Block and releases the mutex, a subsequent call to...

9.8CVSS5.1AI score0.00525EPSS
Exploits0References318
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.11 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013708)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013708 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: add peer map clean up for peer delete in ath10kstastate When peer delete failed in ...

5.6AI score0.00195EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/03 11:28 p.m.7 views

SUSE CVE-2026-23428

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of shareconf in compound request smb2getksmbdtcon reuses work-tcon in compound requests without validating tcon-tstate. ksmbdtreeconnlookup checks tstate == TREECONNECTED on the initial lookup path, but...

9.8CVSS5.8AI score0.00331EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/25 12:30 p.m.7 views

EUVD-2026-15220

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was grabbed in the probe callback. Fix this up b...

5.7AI score0.00123EPSS
Exploits0References7
CVE
CVE
added 2026/03/25 10:27 a.m.18 views

CVE-2026-23331

The CVE-2026-23331 issue concerns the Linux kernel UDP 4-tuple hash table: when an auto-bound UDP socket is bound, connected, and then disconnected, the socket may be moved to a new hash slot without removing the old entry, leaving garbage in the 4-tuple chain. The fix is to remove such a socket ...

5.5CVSS5.6AI score0.00121EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder