2322 matches found

OSV
added 2026/04/14 12:00 a.m. | 0 views

UBUNTU-CVE-2026-33116

Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...

CVSS 7.5 | AI score 5.8 | EPSS 0.08014
Exploits: 0 | References: 7

Redos
added 2026/04/10 12:00 a.m. | 4 views

ROS-20260410-73-0018

Vulnerability in expat related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 6 | EPSS 0.00006
Exploits: 1

SUSE CVE
added 2026/04/06 11:25 p.m. | 2 views

SUSE CVE-2026-31408

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold. sco_recv_frame() reads conn->sk under sco_conn_lock() but immediately releases the lock without holding a reference to the socket. A concurrent close can free the...

CVSS 7 | AI score 5.7 | EPSS 0.00025
Exploits: 0 | References: 27

CVE
added 2026/04/06 7:38 a.m. | 16 views

CVE-2026-31408

CVE-2026-31408 is a Linux kernel Bluetooth SCO use-after-free in sco_recv_frame(), where conn->sk is accessed after releasing sco_conn_lock() without holding a reference. The fix uses sco_sock_hold() to take a reference before unlocking and adds sock_put() on exit paths. Connected advisories s...

CVSS 8.8 | AI score 5.7 | EPSS 0.00025
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2026/04/03 4:16 p.m. | 1 view

UBUNTU-CVE-2026-23471

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 5.7 | EPSS 0.00032
Exploits: 0 | References: 9

Positive Technologies
added 2026/04/03 12:00 a.m. | 4 views

PT-2026-30165

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 7.0.0-rc1-valkyria+. Description: A use-after-free issue exists in the Linux kernel related to framebuffers and property blobs when calling drm_dev_unplug. The issue occurs when dereferencing freed pointers related...

AI score 5.4 | EPSS 0.00032
Exploits: 0 | References: 19

Positive Technologies
added 2026/04/01 12:00 a.m. | 1 view

PT-2026-29673

Summary: Sending an email with __proto__: as a header name crashes the Haraka worker process. Details: The header parser at node_modules/haraka-email-message/lib/header.js:215-218 stores headers in a plain object: javascript add headerkey, value, method this.headerskey ??= // line 216...

CVSS 8.7 | AI score 5.9 | EPSS 0.00025
Exploits: 1 | References: 6

Redos
added 2026/04/01 12:00 a.m. | 2 views

ROS-20260401-73-0041

Vulnerability in golang-x-net related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.3 | AI score 7.3 | EPSS 0.00011
Exploits: 1

OSV
added 2026/03/25 9:16 a.m. | 3 views

ALPINE-CVE-2026-3608

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

CVSS 7.5 | AI score 7.5 | EPSS 0.00011
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/25 8:46 a.m. | 2 views

CVE-2026-3608

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

CVSS 7.5 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2026/03/25 12:00 a.m. | 2 views

ISC BIND 9.20.0 < 9.20.21 / 9.20.9-S1 < 9.20.21-S1 / 9.21.0 < 9.21.20 Assertion Failure (cve-2026-3104)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-3104 advisory. - A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. If a BIND...

CVSS 7.5 | AI score 5.9 | EPSS 0.00052
Exploits: 0 | References: 2

Redos
added 2026/03/24 12:00 a.m. | 3 views

ROS-20260324-73-0014

A vulnerability in the ipv6 component of the Linux operating system kernel is related to the execution of a loop with an unreachable exit condition. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVSS 5.5 | AI score 6.2 | EPSS 0.00022
Exploits: 0

Redos
added 2026/03/24 12:00 a.m. | 3 views

ROS-20260324-73-0015

A vulnerability in the ipv6 component of the Linux operating system kernel is associated with the execution of a loop with an inaccessible exit condition. Exploitation of the vulnerability allows an attacker to affect confidentiality, integrity and availability of protected information...

CVSS 5.5 | AI score 6.2 | EPSS 0.00022
Exploits: 0

Tenable Nessus
added 2026/03/23 12:00 a.m. | 1 view

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2025-38100)

In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP inconsistencies. io_bitmap_exit() is invoked from exit_thread() when a task exits or when a fork fails. In the latter case the exit_thread() cleans up resources which were allocated during fork. io_bitmap_exit()...

CVSS 5.5 | AI score 6.2 | EPSS 0.00105
Exploits: 0 | References: 2

SUSE CVE
added 2026/03/22 12:24 a.m. | 3 views

SUSE CVE-2026-23271

In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race. Make sure that __perf_event_overflow() runs with IRQs disabled for all possible callchains. Specifically the software events can end up running it with only preemption disabled...

CVSS 5.3 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 21

Github Security Blog
added 2026/03/20 3:43 p.m. | 4 views

Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration

Summary: There is a potential vulnerability in Traefik's BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taking 166ms. When the username does not exist, the response returns immediatel...

CVSS 6.3 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 6 | Affected Software: 3

RedhatCVE
added 2026/03/20 12:00 p.m. | 3 views

CVE-2026-23271

A flaw was found in the Linux kernel's perf subsystem. A race condition exists between the __perf_event_overflow function and functions like perf_remove_from_context or perf_event_exit_event. This occurs because __perf_event_overflow may execute with only preemption disabled, allowing other operations to free...

CVSS 5.8 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 4

OSV
added 2026/03/20 9:16 a.m. | 2 views

UBUNTU-CVE-2026-23271

In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race. Make sure that __perf_event_overflow() runs with IRQs disabled for all possible callchains. Specifically the software events can end up running it with only preemption disabled...

CVSS 7.8 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 6

Cvelist
added 2026/03/20 8:08 a.m. | 21 views

CVE-2026-23271 perf: Fix __perf_event_overflow() vs perf_remove_from_context() race

In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race. Make sure that __perf_event_overflow() runs with IRQs disabled for all possible callchains. Specifically the software events can end up running it with only preemption disabled...

CVSS 7.8 | EPSS 0.00014
Exploits: 0 | References: 6

OSV
added 2026/03/20 8:08 a.m. | 2 views

CVE-2026-23271 perf: Fix __perf_event_overflow() vs perf_remove_from_context() race

In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race. Make sure that __perf_event_overflow() runs with IRQs disabled for all possible callchains. Specifically the software events can end up running it with only preemption disabled...

CVSS 7.8 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 9