CVE-2026-11611

CVE-2026-11611 concerns the Content Synchronization persistent search plugin in 389 Directory Server. The flaw enables denial of service via unbounded memory growth when an authenticated client stops reading sync responses, and there are additional race conditions in the plugin thread lifecycle t...

EUVD-2026-35129

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

CVE-2026-11611 389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

CVE-2026-11611

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

CVE-2026-11611 389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

CVE-2026-11611

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

CVE-2026-46295

In the Linux kernel KVM for x86, CVE-2026-46295 stems from a race between vmx_sync_pir_to_irr() on the target vCPU and __vmx_deliver_posted_interrupt() on a sender vCPU. The sequence of operations (pi_test_and_set_pir, then pi_test_and_set_on) can interleave such that the second sync reports max_...

CVE-2026-46275

CVE-2026-46275 affects the Linux kernel Bluetooth hci_uart subsystem, with Use-After-Free and race conditions in lifecycle teardown (init/close paths) that can trigger UAFs and NPDs when workqueues and protocol paths are torn down. The documented fix involves reordering ttys close handling (clear...

PT-2026-47339

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw in the Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, which can lead to a denia...

Linux Distros Unpatched Vulnerability : CVE-2026-11611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops...

Linux Distros Unpatched Vulnerability : CVE-2026-46275

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hciuart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use- After-Free UAF and Null Pointer Dereference NPD...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of multiple synchronization extensions in DRM v3D, potentially leading to...

Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2026-1790)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1790 advisory. A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer...

CVE-2026-5590

A race condition during TCP connection teardown can cause tcprecv to operate on a connection that has already been released. If tcpconnsearch returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcpbacklogisfull and dereferenced without validatio...

CVE-2026-6418

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

Improper Synchronization

Overview Affected versions of this package are vulnerable to Improper Synchronization in the process that forwards DoQ queries to UDP upstreams, where the DNS transaction ID txid is not preserved and is always set to 0, reducing entropy in the backend tuple. An attacker can increase the likelihoo...

Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass

Summary A non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync. The regular integration endpoint POST /api/integration correctly blocks this, but the Sync API bypasses the...

CVE-2026-41236

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without...

CVE-2026-41236

Froxlor 2.3.6 contains a privilege-escalation via a symlink in the SSH keys workflow. The provisioning code appends keys to ~/.ssh/authorized_keys under a customer-controlled home directory without validating that the target path isn’t a symlink. An attacker with shell access to the customer acco...

CVE-2026-41236 Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without...