42755 matches found
CVE-2026-6851
An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...
CVE-2026-6851
The CVE-2026-6851 entry concerns Bitdefender products on Windows: Bitdefender Total Security and Bitdefender Internet Security, specifically the File Shredder module. The vulnerability is described as an improper link resolution before file access (link following) that enables a less-privileged l...
EUVD-2026-43632
An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...
kernel: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange [email protected] says: The vulnerability is a race condition between etsqdiscdequeue and etsqdiscchange. It leads to UAF on stru...
kernel: md/bitmap: fix GPF in write_page caused by resize race
A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...
CVE-2026-10667
Zephyr's dynamic kernel-object tracking kernel/userspace/userspace.c, formerly kernel/userspace.c maintains a doubly-linked list objlist of dynamically allocated kernel objects. Iteration over this list in kobjectwordlistforeach was performed under listslock using the SAFE iterator which caches t...
CVE-2026-21046
The vulnerability CVE-2026-21046 concerns the fabricKeymaster trustlet. It describes a time-of-check time-of-use race condition that exists prior to the SMR Jul-2026 Release 1. Impact is local: a privileged attacker could execute arbitrary code. The provided sources specify the affected component...
EUVD-2026-42817
Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code...
CVE-2026-21046
Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code...
EUVD-2026-42719
A Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. As part of the stateful...
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-2595)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Input: alps - fix use-after-free bugs caused by dev3registerworkCVE-2025-68822 ext4: reject mount if bigalloc with sfirstdatablock !=...
CVE-2026-57030
A Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. As part of the stateful...
CVE-2026-57029
A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service DoS. When the reachability of an sFlow collector changes, the corresponding next-hop entry is...
CVE-2026-57030
CVE-2026-57030 describes a race condition in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series. The vulnerability occurs during flow timeout handling in stateful traffic processing: a race when setting a flow’s timeout can cause the value to be set to an abnormally hig...
CVE-2026-57030 Junos OS: SRX Series: Flow sessions are not getting cleared leading to a DoS
A Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. As part of the stateful...
CVE-2026-57030
A Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. As part of the stateful...
CVE-2025-58151
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...
EUVD-2025-210447
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...
Moderate: Red Hat Security Advisory: perl:5.32 security update
An update for the perl:5.32 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...
perl: Perl threads have a working directory race condition where file operations may target unintended paths
A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...