187 matches found
CVE-2026-52971
A flaw was found in the Linux kernel's Elastic Network Adapter ENA driver, specifically within the Precision Time Protocol Hardware Clock PHC timestamp retrieval function. A race condition exists where the gettimestamp function could attempt to access memory that has already been freed by the...
CVE-2026-52923
A flaw was found in the Linux kernel. The ipcidralloc function, used in the checkpoint/restore path for SysV Inter-Process Communication IPC ID allocation, does not properly limit ID allocation to the valid range. This can result in the system attempting to dereference freed memory, leading to a...
Linux Distros Unpatched Vulnerability : CVE-2026-52923
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid dereference of sblvbptr I encounter issues when placing an lkbsb on the stack and having the sblvbptr field point to a dangling pointer, without using DLMLKFVALBLK. This will cause a crash with the following...
CVE-2026-46275
A flaw was found in the Linux kernel's Bluetooth hciuart component. Lifecycle management issues, including Use-After-Free UAF and race conditions, were identified during the closing and initialization paths. These issues can lead to the dereferencing of freed memory, potentially causing system...
Astra Linux – Vulnerability in binutils
A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in GNU Binutils 2.31. An invalid memory address dereference was identified in the readreloc function in reloc.c. This vulnerability causes a segmentation fault and results in the crash of the...
Astra Linux – Vulnerability in exiv2
An invalid memory address dereferencing was discovered in the Exiv2::StringValueBase::read method in value.cpp of Exiv2 0.26. This vulnerability causes a segmentation fault and results in the application crashing, leading to a denial of service...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013572)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013572 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxeqpdocleanup when socket create failed There is a null-ptr-dere...
CVE-2026-31411
A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM networking component. A local attacker, by acting as a malicious signaling daemon, could send a specially crafted message containing an unvalidated pointer. This unvalidated pointer would be directly used by the kernel, leading...
CVE-2026-31403
A flaw was found in the Linux kernel's Network File System Daemon NFSD component. A local user can exploit this vulnerability by opening the /proc/fs/nfs/exports file and then causing the associated network namespace to be destroyed. Subsequent attempts to read from the still-open file descriptor...
EUVD-2026-14017
Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...
AZL-75275 CVE-2026-22795 affecting package openssl for versions less than 3.3.5-3
Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...
CVE-2026-22796
Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...
CVE-2025-69420 Missing ASN1_TYPE validation in TS_RESP_verify_response() function
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
Linux Distros Unpatched Vulnerability : CVE-2026-22795
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing...
MiracleLinux 7 : elfutils-0.176-2.el7 (AXSA:2019-3992:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3992:02 advisory. elfutils: Heap-based buffer over-read in libdw/dwarfgetaranges.c:dwarfgetaranges via crafted file CVE-2018-16062 elfutils: Double-free due to double...
CVE-2018-19887
An invalid memory address dereference was discovered in the huffcode function libfaac/huff2.c in Freeware Advanced Audio Coder FAAC 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 4 case...
CVE-2025-52516
An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. An invalid kernel address dereference in the issimian device driver leads to a denial of service...
SUSE SLES15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2025:4320-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4320-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: -...
SUSE CVE-2025-68212
In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized 'offp' in statmountstring In statmountstring, most flags assign an output offset pointer offp which is later updated with the string offset. However, the STATMOUNTMNTUIDMAP and STATMOUNTMNTGIDMAP cases...