Lucene search
+L

1549 matches found

CVE
CVE
added 2026/06/25 8:38 a.m.23 views

CVE-2026-53167

CVE-2026-53167 affects the Linux kernel’s FUSE path: FUSE_NOTIFY_RETRIEVE must be limited to uptodate folios since !uptodate folios may contain uninitialized data. The vulnerability is scoped to systems without automatic page-alloc zero init (CONFIG_INIT_ON_ALLOC_DEFAULT_ON or init_on_alloc=1). E...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.34 views

CVE-2026-53167 fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios

In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSENOTIFYRETRIEVE to uptodate folios FUSENOTIFYRETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since FUSENOTIFYRETRIEVE is intended to only return data that is already in...

0.00122EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52263

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the fuse module where FUSE NOTIFY RETRIEVE is not limited to uptodate folios. Because FUSE NOTIFY RETRIEVE is designed to return data already present in the page cache...

5.5CVSS6AI score0.00122EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51730

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A stack information leak exists in the tap ioctl function during the SIOCGIFHWADDR path. The function copies 16 bytes of an uninitialized on-stack sockaddr storage structure to userspace...

5.5CVSS6AI score0.00112EPSS
Exploits0References20
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux

In memzeroexplicit of compiler-clang.h, there is a possible way to bypass defense in depth due to uninitialized data. This could lead to the disclosure of local information without requiring additional execution privileges. User interaction is not required for exploitation. Product: Android...

5.5CVSS6.2AI score0.0015EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 1:15 p.m.12 views

JLSEC-2026-580

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be...

7.5CVSS8AI score0.04446EPSS
Exploits0References15
OSV
OSV
added 2026/06/08 1:15 p.m.11 views

JLSEC-2026-579

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data...

5.3CVSS7.8AI score0.05147EPSS
Exploits0References41
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.20 views

EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2026-2049)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : ACPI: CPPC: Avoid out of bounds access when parsing CPC dataCVE-2022-49145 scsi: libsas: Fix use-after-free bug in...

9.8CVSS6.4AI score0.00399EPSS
Exploits0References26
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-36613

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server state to unauthenticated adjacent network attackers...

4.3CVSS5.7AI score0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

7-Zip 输入验证错误漏洞

7-Zip is an open-source compression software developed by 7-Zip. Version 9.18 to 26.00 of 7-Zip contained a vulnerability related to input validation errors. This vulnerability stemmed from the BSD SYMDEF parser in the Unix ar archive resolver, where a heap out-of-bound read was possible,...

6.5CVSS5.3AI score0.00267EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.15 views

SUSE CVE-2026-46169

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread doesn't validate that the on-disk record size matches the expected si...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.20 views

Linux Distros Unpatched Vulnerability : CVE-2026-46169

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread...

5.5CVSS6.8AI score0.0013EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 10:16 a.m.11 views

CVE-2026-46169

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread doesn't validate that the on-disk record size matches the expected si...

5.5CVSS0.0013EPSS
Exploits0References8
OSV
OSV
added 2026/05/28 10:16 a.m.11 views

UBUNTU-CVE-2026-46169

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread doesn't validate that the on-disk record size matches the expected si...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/28 9:36 a.m.17 views

EUVD-2026-32796

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread doesn't validate that the on-disk record size matches the expected si...

5.8AI score0.0013EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.12 views

CVE-2026-46169

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread doesn't validate that the on-disk record size matches the expected si...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/05/28 9:36 a.m.2 views

CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread doesn't validate that the on-disk record size matches the expected si...

5.5CVSS6.2AI score0.0013EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.42 views

CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread doesn't validate that the on-disk record size matches the expected si...

0.0013EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.12 views

SUSE CVE-2026-45865

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...

5.8AI score0.00156EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/28 12:57 a.m.14 views

CVE-2026-45930

A flaw was found in the Linux kernel's Multi-Channel Transport Protocol MCTP networking implementation. When processing a RTMGETNEIGH request, the system may return uninitialized data in the ndmsg pad bytes. This can allow a local attacker to obtain sensitive information from kernel memory, leadi...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References4
Rows per page
Query Builder