Lucene search
K

86 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-45257

The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous MEXTPG pages or...

7.8CVSS0.00154EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-39780

The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous MEXTPG pages or...

7.8CVSS5.8AI score0.00154EPSS
Exploits0References1
CVE
CVE
added 6 days ago111 views

CVE-2026-45257

CVE-2026-45257 : FreeBSD KTLS receive path decrypts in place, enabling an unprivileged local user to overwrite a file’s page cache via sendfile(2) data over a loopback connection when KTLS receive is enabled. This can corrupt the backing file and allow privilege escalation by overwriting setuid/t...

7.8CVSS5.8AI score0.00154EPSS
Exploits0References4Affected Software1
The Hacker News
The Hacker News
added 6 days ago12 views

New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets

DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant. Tracked as CVE-2026-43503 CVSS 8.8, it lets a local user corrupt file-backed...

8.8CVSS6.1AI score0.0013EPSS
Exploits7
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: erofs: fixed the UAF issue for file-backed mounts with the directio option 9.269940 T3222 Call trace: 9.269948 T3222 ext4filereadIter+0xac/0x108 9.269979 T3222 vfsiocbiterread+0xac/0x198 9.269993 T3222...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.8 views

SUSE CVE-2026-46329

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

5.4AI score0.00156EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 2:16 p.m.12 views

CVE-2026-46329

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

0.00156EPSS
Exploits0References4
OSV
OSV
added 2026/06/09 2:16 p.m.6 views

UBUNTU-CVE-2026-46329

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

5.3AI score0.00156EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 12:25 p.m.10 views

EUVD-2026-35430

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

5.4AI score0.00156EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/09 12:25 p.m.27 views

CVE-2026-46329 erofs: handle end of filesystem properly for file-backed mounts

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

0.00156EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 12:25 p.m.22 views

CVE-2026-46329

The CVE-2026-46329 entry concerns the erofs filesystem in the Linux kernel. The underlying issue was handling end-of-filesystem conditions for file-backed mounts, where I/O requests beyond the filesystem end should be zeroed (as with loopback devices). The advisory indicates this has been resolve...

5.4AI score0.00156EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/09 12:25 p.m.7 views

CVE-2026-46329

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

5.3AI score0.00156EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.21 views

FreeBSD Security Advisory - FreeBSD-SA-26:26.ktls

FreeBSD Security Advisory - The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through...

5.5AI score0.00154EPSS
Exploits0
FreeBSD
FreeBSD
added 2026/06/09 12:0 a.m.8 views

FreeBSD -- Arbitrary file overwrite via the KTLS receive path

Problem Description: The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous...

7.8CVSS5.5AI score0.00154EPSS
Exploits0
FreeBSD Advisory
FreeBSD Advisory
added 2026/06/09 12:0 a.m.21 views

FreeBSD-SA-26:26.ktls

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:26.ktls Security Advisory The FreeBSD Project Topic: Arbitrary file overwrite via the KTLS receive path Category: core Module: ktls Announced: 2026-06-09...

7.8CVSS5.5AI score0.00154EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.10 views

PT-2026-47787

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the EROFS Enhanced Read-Only File System implementation regarding file-backed mounts. I/O requests that extend beyond the end of the filesystem are not handled properl...

5.8AI score0.00156EPSS
Exploits0References14
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: limited the level of fs stacking for file-backed mounts. Otherwise, it could cause potential kernel stack overflows e.g., when mounting EROFS itself...

5.2AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/11 6:31 p.m.8 views

Deserialization of Untrusted Data

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the FileBackedSessionManager. An attacker can execute arbitrary code by placing a crafted serialized payload into the sessions directory, which is deserialized without...

7.8CVSS6.1AI score0.00131EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.10 views

pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager

Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

7.8CVSS6.5AI score0.00131EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/11 6:31 p.m.8 views

GHSA-4RHG-H8F2-V4JM pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager

Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

7.3CVSS6.5AI score0.00131EPSS
Exploits0References4
Rows per page
Query Builder