346 matches found
kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...
kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...
EUVD-2026-41972
A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3...
CVE-2026-13356
The CVE-2026-13356 issue affects Firefox for iOS and centers on a malicious webpage that interrupts a pending navigation by enqueuing a synchronous JavaScript dialog. This side effect causes the browser UI to display the destination origin in the address bar while attacker-controlled content cont...
kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...
kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...
Security Vulnerabilities fixed in Firefox for iOS 152.3 — Mozilla
A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ACPI: APEI: Send SIGBUS to the current task if a synchronous memory error is not recovered. If a synchronous error is detected due to a user-space process triggering a 2-bit uncorrected error, the CPU will raise an exception,...
BIT-ACTIVEMQ-2026-49270 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)
Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...
Node.js: Incomplete Fix for CVE-2026-21637: OCSPRequest and resumeSession Events Crash Node.js TLS Server via Unhandled Synchronous Exceptions
Summary The March 2026 security release patched CVE-2026-21637 by wrapping SNICallback, ALPNCallback, and pskCallback invocations in try/catch blocks inside lib/internal/tls/wrap.js. That fix is present in v26.3.0. However, two other TLS callback paths in the same file were left unprotected: 1...
CVE-2026-49270
Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...
CVE-2026-49270 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)
Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...
PT-2026-45383
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.7 Apache ActiveMQ Broker versions 6.0.0 through 6.2.5 Apache ActiveMQ versions prior to 5.19.7 Apache ActiveMQ versions 6.0.0 through 6.2.5 Apache ActiveMQ All versions prior to 5.19.7 Apache...
kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...
kernel: Bluetooth: SCO: fix race conditions in sco_sock_connect()
A flaw was found in the Linux kernel, specifically within its Bluetooth Synchronous Connection-Oriented SCO component. This vulnerability occurs due to race conditions when multiple connection attempts are made simultaneously on the same Bluetooth socket. This can lead to a use-after-free error,...
kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: spi: Fix for null dereference during suspension There exists a race condition where a synchronous noqueue transfer can remain active during system suspension. This can lead to a null pointer dereference exception when the system...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: clk: imx95-blk-ctl: Fixed synchronous abort When enabling runtime PM for clock suppliers that also belong to a power domain, the following crash occurs: Error: Synchronous external abort: 0000000096000010 1 PREEMPT SMP Workqueue:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fixed race conditions related to nvdimm registration. A loop of the form: c while true; do modprobe cxlpci; modprobe -r cxlpci; done …fails with the following crash message: BUG: Kernel NULL pointer dereference, address...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed reference state management for synchronous callbacks Currently, the verifier verifies callback functions both synchronous and asynchronous as if they would be executed only once. The next instruction to be explored ...