Lucene search
K

346 matches found

RedHat Linux
RedHat Linux
added last week5 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS5.9AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/07 5:55 a.m.3 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.2AI score0.003EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/07 12:30 a.m.8 views

EUVD-2026-41972

A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3...

6AI score0.00132EPSS
Exploits0References3
CVE
CVE
added 2026/07/06 11:7 p.m.25 views

CVE-2026-13356

The CVE-2026-13356 issue affects Firefox for iOS and centers on a malicious webpage that interrupts a pending navigation by enqueuing a synchronous JavaScript dialog. This side effect causes the browser UI to display the destination origin in the address bar while attacker-controlled content cont...

6.3CVSS6AI score0.00132EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/06 2:31 p.m.5 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.2AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 1:47 p.m.4 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.2AI score0.003EPSS
Exploits0References5
Mozilla
Mozilla
added 2026/07/05 12:0 a.m.16 views

Security Vulnerabilities fixed in Firefox for iOS 152.3 — Mozilla

A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content...

6.3CVSS6AI score0.00132EPSS
Exploits0References1Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ACPI: APEI: Send SIGBUS to the current task if a synchronous memory error is not recovered. If a synchronous error is detected due to a user-space process triggering a 2-bit uncorrected error, the CPU will raise an exception,...

5.5CVSS6AI score0.00147EPSS
Exploits0References4
OSV
OSV
added 2026/06/05 5:38 a.m.13 views

BIT-ACTIVEMQ-2026-49270 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)

Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...

5.9CVSS5.4AI score0.00328EPSS
Exploits0References3
Hacker One
Hacker One
added 2026/06/04 1:45 a.m.32 views

Node.js: Incomplete Fix for CVE-2026-21637: OCSPRequest and resumeSession Events Crash Node.js TLS Server via Unhandled Synchronous Exceptions

Summary The March 2026 security release patched CVE-2026-21637 by wrapping SNICallback, ALPNCallback, and pskCallback invocations in try/catch blocks inside lib/internal/tls/wrap.js. That fix is present in v26.3.0. However, two other TLS callback paths in the same file were left unprotected: 1...

7.5CVSS6.1AI score0.01056EPSS
Exploits0
NVD
NVD
added 2026/06/01 9:16 a.m.27 views

CVE-2026-49270

Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...

5.9CVSS0.00328EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 7:19 a.m.20 views

CVE-2026-49270 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)

Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...

5.8AI score0.00328EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45383

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.7 Apache ActiveMQ Broker versions 6.0.0 through 6.2.5 Apache ActiveMQ versions prior to 5.19.7 Apache ActiveMQ versions 6.0.0 through 6.2.5 Apache ActiveMQ All versions prior to 5.19.7 Apache...

5.9CVSS5.4AI score0.00328EPSS
Exploits0References24
RedHat Linux
RedHat Linux
added 2026/05/28 8:47 a.m.12 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS5.8AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/28 2:21 a.m.18 views

kernel: Bluetooth: SCO: fix race conditions in sco_sock_connect()

A flaw was found in the Linux kernel, specifically within its Bluetooth Synchronous Connection-Oriented SCO component. This vulnerability occurs due to race conditions when multiple connection attempts are made simultaneously on the same Bluetooth socket. This can lead to a use-after-free error,...

7.8CVSS5.8AI score0.00097EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/20 1:3 p.m.11 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS5.8AI score0.003EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: spi: Fix for null dereference during suspension There exists a race condition where a synchronous noqueue transfer can remain active during system suspension. This can lead to a null pointer dereference exception when the system...

4.7CVSS5.6AI score0.00181EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clk: imx95-blk-ctl: Fixed synchronous abort When enabling runtime PM for clock suppliers that also belong to a power domain, the following crash occurs: Error: Synchronous external abort: 0000000096000010 1 PREEMPT SMP Workqueue:...

5.5CVSS6.1AI score0.00145EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.24 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fixed race conditions related to nvdimm registration. A loop of the form: c while true; do modprobe cxlpci; modprobe -r cxlpci; done …fails with the following crash message: BUG: Kernel NULL pointer dereference, address...

5.6AI score0.00169EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed reference state management for synchronous callbacks Currently, the verifier verifies callback functions both synchronous and asynchronous as if they would be executed only once. The next instruction to be explored ...

6.2AI score0.00188EPSS
Exploits0References1
Rows per page
Query Builder