5343 matches found
PT-2026-58505
Name of the Vulnerable Software and Affected Versions Windows DHCP Server affected versions not specified Description A double free issue exists in the Windows DHCP Server, which could allow an authorized attacker to execute arbitrary code over a network. A double free occurs when the program...
kernel: nvmet-tcp: fix race between ICReq handling and queue teardown
A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...
RLSA-2026:34355 Moderate: mod_http2 security, bug fix, and enhancement update
The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modhttp2: Apache HTTP Server modhttp2: Use After Free vulnerability allows arbitrary code execution or denial of service. CVE-2026-48913 httpd: Apache HTTP Server:...
CVE-2026-14604
A flaw was found in Open Asset Import Library Assimp. This vulnerability, a double free, exists within the PLY Model Handler component. A remote attacker could exploit this flaw by manipulating PLY model files, leading to a denial of service and making the application unavailable. Mitigation To...
CVE-2025-15667 GPAC MP4Box avc_ext.c gf_isom_nalu_sample_rewrite double free
A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gfisomnalusamplerewrite of the file src/isomedia/avcext.c of the component MP4Box. This manipulation of the argument naluoutbs causes double free. It is possible to launch the attack on the local host. T...
CVE-2025-15667
A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gfisomnalusamplerewrite of the file src/isomedia/avcext.c of the component MP4Box. This manipulation of the argument naluoutbs causes double free. It is possible to launch the attack on the local host. T...
OESA-2026-2848 alsa-lib security update
The alsa-lib is a library to interface with ALSA in the Linux kernel and virtual devices using a plugin system. More detail: https://alsa.opensrc.org/Alsa-lib Security Fixes: The Advanced Linux Sound Architecture ALSA library before 1.2.16.1 contains a double-free vulnerability in parsedef in...
Linux Distros Unpatched Vulnerability : CVE-2026-58381
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the readlayerblock function when processing a specially crafted PSP file...
Moderate: Red Hat Security Advisory: mod_http2 security, bug fix, and enhancement update
An update for modhttp2 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Linux Distros Unpatched Vulnerability : CVE-2026-14102
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2026-13775
Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
SUSE-SU-2026:22291-1 Security update for alsa
This update for alsa fixes the following issue - CVE-2026-56109: double-free vulnerability in parsedef in src/conf.c that allows attackers to corrupt memory bsc1268853...
CVE-2026-55653
A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client processes attacker-controlled DH-GEX...
ALSA-2026:25217 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount CVE-2026-23216 kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel:...
EUVD-2026-36155
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue...
CVE-2026-34867
Double free vulnerability in the multi-mode input system. Impact: Successful exploitation of this vulnerability may affect availability...
RLSA-2026:19154 Important: giflib security update
giflib is a library for reading and writing gif images. Security Fixes: giflib: Giflib: Double-free vulnerability leading to memory corruption CVE-2026-23868 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to th...
giflib security update
An update is available for giflib. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list giflib is a library for reading and writing gif images. Security Fixes: gifli...
Amazon Linux 2023 : mod_http2 (ALAS2023-2026-1724)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1724 advisory. Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes...
RHEL 9 : kernel (RHSA-2026:20593)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20593 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: proc: fix UAF in procgetinode...