Lucene search
K

45 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses a guard mutex to protect the device structure. However, the device is freed before the mutex cleanup runs, causing mutexunlock to opera...

7.8CVSS5.2AI score0.00116EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.28 views

Linux Distros Unpatched Vulnerability : CVE-2026-48842

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape...

8.1CVSS5.9AI score0.00764EPSS
Exploits0References2
OSV
OSV
added 2026/05/25 8:16 p.m.24 views

DEBIAN-CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/25 7:6 p.m.9 views

CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.00764EPSS
Exploits0
CVE
CVE
added 2026/05/25 7:6 p.m.213 views

CVE-2026-48842

The CVE affects Roundcube Webmail 1.6.x ≤1.6.15 and 1.7.x ≤1.7.0, via the virtuser_query plugin, where a pre-authentication SQL injection is triggered by a backslash-escaped preg_replace() bypass. Root cause: input crafted to bypass escapes leads to SQL injection before authentication. Impact is ...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.20 views

Roundcube Webmail SQL注入漏洞

Roundcube Webmail is Roundcube open source a browser-based open source IMAP client, which supports address book management, message search, spell checking and so on. Roundcube Webmail 1.6.x versions prior to 1.6.16 and 1.7.x versions prior to 1.7.1 SQL injection vulnerability , the vulnerability...

8.1CVSS5.9AI score0.00764EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.9 views

PT-2026-43105

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.x prior to 1.6.16 Roundcube Webmail versions 1.7.x prior to 1.7.1 Description A pre-authentication SQL injection exists in the virtuser query plugin. The issue stems from a backslash escape bypass within the preg...

8.1CVSS5.9AI score0.00764EPSS
Exploits0References36
SUSE CVE
SUSE CVE
added 2026/02/16 12:26 a.m.3 views

SUSE CVE-2026-23158

In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guardmutex to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutexunlock to operate ...

5.5CVSS5.2AI score0.00116EPSS
Exploits0References7
NVD
NVD
added 2026/02/14 4:15 p.m.6 views

CVE-2026-23158

In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guardmutex to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutexunlock to operate ...

7.8CVSS0.00116EPSS
Exploits0References3
OSV
OSV
added 2026/02/14 4:15 p.m.4 views

UBUNTU-CVE-2026-23158

In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guardmutex to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutexunlock to operate ...

7.8CVSS5.7AI score0.00116EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/02/14 4:15 p.m.5 views

CVE-2026-23158

In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guardmutex to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutexunlock to operate ...

7.8CVSS5.7AI score0.00116EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/14 4:1 p.m.3 views

CVE-2026-23158

In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guardmutex to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutexunlock to operate ...

5.1AI score0.00116EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/14 4:1 p.m.25 views

CVE-2026-23158 gpio: virtuser: fix UAF in configfs release path

In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guardmutex to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutexunlock to operate ...

0.00116EPSS
Exploits0References3
CVE
CVE
added 2026/02/14 4:1 p.m.15 views

CVE-2026-23158

CVE-2026-23158 (Linux kernel) affects gpio-virtuser: the configfs release path frees the device inside a guard(mutex) region, leading to a use-after-free when mutex_unlock() runs after the guard. The issue is caused by destroying the mutex and freeing the device while still within the lock’s guar...

7.8CVSS5.2AI score0.00116EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/14 4:1 p.m.5 views

CVE-2026-23158 gpio: virtuser: fix UAF in configfs release path

In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guardmutex to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutexunlock to operate ...

7.8CVSS5.2AI score0.00116EPSS
Exploits0References6
EUVD
EUVD
added 2026/02/14 4:1 p.m.8 views

EUVD-2026-5880

In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guardmutex to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutexunlock to operate ...

5.2AI score0.00116EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/02/14 4:1 p.m.6 views

CVE-2026-23158

In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guardmutex to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutexunlock to operate ...

7.8CVSS5.2AI score0.00116EPSS
Exploits0
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the reuse of the release path after the gpio-virtuser configuration is released, potentially leading to...

7.8CVSS7AI score0.00116EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.5 views

PT-2026-8153

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the gpio-virtuser configfs release path. The device structure is freed before the guard cleanup runs, causing mutex unlock to operate on freed memory...

9.8CVSS6.8AI score0.0071EPSS
Exploits7References397
AstraLinux
AstraLinux
added 2025/10/31 4:38 p.m.4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix missing lookup table cleanups When a virtuser device is created via configfs and the probe fails due to an incorrect lookup table, the table is not removed. This prevents subsequent probe attempts from...

5.5CVSS7.5AI score0.00172EPSS
Exploits0References1
Rows per page
Query Builder