9575 matches found
CVE-2026-53007
A flaw was found in the Linux kernel's ice driver. This vulnerability occurs due to a potential NULL pointer dereference in the icesetringparam function. When tstampring of temporary txrings is nullified without clearing the ICETXRINGFLAGSTXTIME bit, and a subsequent icesetuptxring call fails, it...
CVE-2026-40210
An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash...
CVE-2026-40210
CVE-2026-40210 describes an out-of-bounds read that may occur when SetMacAddrAction is used. This could lead to uninitialized memory being sent over the network or to a crash. The CVSSv3.1 vector is AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L with a base score of 4.8 (MEDIUM). Exploitation details are no...
CVE-2026-53141
The CVE-2026-53141 issue affects the Linux kernel DRM v3d global performance monitor reference counting. In SET_GLOBAL, v3d_perfmon_find() bumps the perfmon’s reference count, but v3d_perfmon_set_global_ioctl() and v3d_perfmon_delete() fail to release that reference on several paths, causing leak...
CVE-2026-53131
CVE-2026-53131 : In the Linux kernel, the netfilter code paths for several ipset types (ip6t_eui64, xt_mac, bitmap:ip,mac, hash:ip,mac, hash:mac) and nf_log_syslog could access eth_hdr(skb) without guaranteeing an Ethernet MAC header. The issue arises when code assumes skb is tied to an Ethernet ...
Rclone RC - Broken Access Control
Rclone = 1.45.0 and = 1.45.0 and 1.73.5 contains a broken access control vulnerability caused by unauthenticated access to the RC endpoint options/set allowing mutation of global runtime configuration, letting unauthenticated attackers access sensitive administrative functions, exploit requires R...
CVE-2026-52944
A flaw was found in the Linux kernel's ksmbd component. This vulnerability allows a client to bypass intended permission restrictions by using the FSCTLSETSPARSE operation. Specifically, a client on a read-only share can modify a file's sparse attribute, and clients on writable shares can modify...
EUVD-2026-38875
In the Linux kernel, the following vulnerability has been resolved: ice: fix potential NULL pointer deref in error path of icesetringparam icesetringparam nullifies tstampring of temporary txrings, without clearing ICETXRINGFLAGSTXTIME bit. When ICETXRINGFLAGSTXTIME is set and the subsequent...
EUVD-2026-38846
In the Linux kernel, the following vulnerability has been resolved: net: psp: require admin permission for dev-set and key-rotate The dev-set and key-rotate netlink operations modify shared device state PSP version configuration and cryptographic key material, respectively but do not require...
EUVD-2026-38989
In the Linux kernel, the following vulnerability has been resolved: amd-pstate: Fix memory leak in amdpstateeppcpuinit On failure to set the epp, the function amdpstateeppcpuinit returns with an error code without freeing the cpudata object that was allocated at the beginning of the function...
EUVD-2026-38968
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: fix deadlock in remain-on-channel mt76remainonchannel and mt76roccomplete call mt76setchannel while already holding dev-mutex. Since mt76setchannel also acquires dev-mutex, this results in a deadlock. Use mt76setchann...
CVE-2025-61027
A flaw was found in openlink virtuoso-opensource. An attacker can exploit this vulnerability by sending specially crafted SQL statements to the tsetpush component. This can lead to a Denial of Service DoS, making the system unavailable to legitimate users...
EUVD-2026-38734
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTLSETSPARSE FSCTLSETSPARSE in fsctlsetsparse modifies the file's sparse attribute and saves it through xattr without any permission checks. This exposes two...
CVE-2026-52944
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTLSETSPARSE FSCTLSETSPARSE in fsctlsetsparse modifies the file's sparse attribute and saves it through xattr without any permission checks. This exposes two...
CVE-2026-52944
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTLSETSPARSE FSCTLSETSPARSE in fsctlsetsparse modifies the file's sparse attribute and saves it through xattr without any permission checks. This exposes two...
ROOT-OS-UBUNTU-2404-CVE-2022-49940 CVE-2022-49940 in rootio-linux - Patched by Root
Root has patched CVE-2022-49940 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
CVE-2026-52921
In the Linux kernel netfilter ipset code, a vulnerability was fixed where iterating IPv4 ranges with a 32-bit iterator could advance past the end of the requested range. This affects the following hash set variants: hash:ip,mark; hash:ip,port; hash:ip,port,ip; hash:ip,port,net. The underlying iss...
CVE-2026-12847
GV-I/O Box 4E DVRSearch CMD_IP_SET buffer overflow vulnerabilities (CVE-2026-12847) affect GV-I/O Box 4E (version 2.09). The issues involve attacker-controlled fields (gateway, IP, net mask, DNS) in UDP-based DVRSearch handling on port 10001, leading to stack-based buffer overflows and potential ...
CVE-2026-12846 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...
CVE-2026-12846
CVE-2026-12846 affects GV-I/O Box 4E (DVRSearch CMD_IP_SET buffer overflow). Connected sources confirm multiple attacker-controlled overflows in CMD_IP_SET (e.g., Net Mask field, IP field, Gateway, DNS) via UDP on port 10001, enabling arbitrary code execution on vulnerable versions (notably GV-I/...