105475 matches found
kernel: rtmutex: Use waiter::task instead of current in remove_waiter()
A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...
kernel: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
A flaw was found in the Linux kernel's xfrm IPSec framework subsystem. This vulnerability, a use-after-free, occurs when the system incorrectly manages memory related to security policies, specifically during the deletion of xfrmstate lists. An attacker with local access could exploit this flaw b...
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2026-57076
A flaw was found in YAML::Syck. An attacker could exploit a heap use-after-free vulnerability by providing a specially crafted YAML document that reuses an anchor name as an anchors-table key. This flaw causes the software to read freed heap memory, which may lead to information disclosure or...
DEBIAN-CVE-2026-57076
YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...
CVE-2026-57076
YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...
DEBIAN-CVE-2026-13713
YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or removed, syckhdlraddanchor and syckhdlrremoveanchor free the node stored under that name with...
CVE-2026-13713
YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or removed, syckhdlraddanchor and syckhdlrremoveanchor free the node stored under that name with...
kernel: rtmutex: Use waiter::task instead of current in remove_waiter()
A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...
kernel: rtmutex: Use waiter::task instead of current in remove_waiter()
A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...
CVE-2026-13713
CVE-2026-13713 affects YAML::Syck versions before 1.47 (Perl). A use-after-free and double-free occurs when an anchor is redefined while still on the parser value stack, due to how syck_hdlr_add_anchor and syck_hdlr_remove_anchor free the node. The freed node may still be live on the value stack,...
CVE-2026-13713 YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack
YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or removed, syckhdlraddanchor and syckhdlrremoveanchor free the node stored under that name with...
GHSA-GGXF-9F6J-W742 Diesel has possible use after free when deserializing a SQLite database via `SqliteConnection::deserialize_readonly_database`
Diesel allows loading a SQLite database from a byte buffer, represented as &u8, at runtime via the SqliteConnection::deserializereadonlydatabase function. In previous versions of Diesel, this buffer was passed directly to libsqlite3. Since libsqlite3 requires the buffer to remain alive for as lon...
CVE-2026-43731
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, leading to memory corruption...
CVE-2026-43740
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory handling, leading to disclosure of process memory...
CVE-2026-43742
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...
CVE-2026-43734
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...
CVE-2026-43727
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...
CVE-2026-43726
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...
CVE-2026-43720
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...