Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-23075 In the Linux kernel, the following vulnerability has been resolved: can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: g... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-22568 Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare co... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23081 In the Linux kernel, the following vulnerability has been resolved: net: phy: intel-xway: fix OF node refcount leakage Automated review spotted am OF node reference count leakage when checking if th... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23072 In the Linux kernel, the following vulnerability has been resolved: l2tp: Fix memleak in l2tp_udp_encap_recv(). syzbot reported memleak of struct l2tp_session, l2tp_tunnel, sock, etc. [0] The cited... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23084 In the Linux kernel, the following vulnerability has been resolved: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list When the parameter pmac_id_valid argument of be_cmd_get_mac_from_... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23085 In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Avoid truncating memory addresses On 32-bit machines with CONFIG_ARM_LPAE, it is possible for lowmem allocatio... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23086 In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: cap TX credit to local buffer size The virtio transports derives its TX credit directly from peer_buf_alloc, which i... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23087 In the Linux kernel, the following vulnerability has been resolved: scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() Memory allocated for struct vscsiblk_info in scsiback_probe() ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23088 In the Linux kernel, the following vulnerability has been resolved: tracing: Fix crash on synthetic stacktrace field usage When creating a synthetic event based on an existing synthetic event that h... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-37121 CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can c... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23090 In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be allocated dynamically upon reception of report-p... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23091 In the Linux kernel, the following vulnerability has been resolved: intel_th: fix device leak on output open() Make sure to drop the reference taken when looking up the th device during output devic... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-37127 Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23093 In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbd: fix dma_unmap_sg() nents The dma_unmap_sg() functions should be called with the same nents as the dma_map_sg(), not t... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23065 In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix memory leak in wbrf_record() The tmp buffer is allocated using kcalloc() but is not freed if acpi_evaluate_d... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20986 Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23064 In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possible NULL deref tcf_ife_encode() must make sure ife_encode() does not return NULL. syzbot reported:... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23108 In the Linux kernel, the following vulnerability has been resolved: can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb:... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-71233 In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed work could lead to a ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23106 In the Linux kernel, the following vulnerability has been resolved: timekeeping: Adjust the leap state for the correct auxiliary timekeeper When __do_ajdtimex() was introduced to handle adjtimex for... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23107 In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to restore a ZA context doesn't attempt to allocate the tas... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-58379 Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive informatio... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-69619 A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27024 pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children o... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-26097 Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-25122 apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-26096 Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23063 In the Linux kernel, the following vulnerability has been resolved: uacce: ensure safe queue release with state management Directly calling `put_queue` carries risks since it cannot guarantee that r... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23062 In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro The GET_INSTANCE_ID macro that caused a kernel panic when acce... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-26095 Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23061 In the Linux kernel, the following vulnerability has been resolved: can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20623 A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20638 A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23116 In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu For i.MX8MQ platform, the ADB in the VPUMIX domain has no s... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23117 In the Linux kernel, the following vulnerability has been resolved: ice: add missing ice_deinit_hw() in devlink reinit path devlink-reload results in ice_init_hw failed error, and then removing the ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23119 In the Linux kernel, the following vulnerability has been resolved: bonding: provide a net pointer to __skb_flow_dissect() After 3cbf4ffba5ee ("net: plumb network namespace into __skb_flow_dissect")... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23124 In the Linux kernel, the following vulnerability has been resolved: ipv6: annotate data-race in ndisc_router_discovery() syzbot found that ndisc_router_discovery() could read and write in6_dev->ra_m... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23120 In the Linux kernel, the following vulnerability has been resolved: l2tp: avoid one data-race in l2tp_tunnel_del_work() We should read sk->sk_socket only when dealing with kernel sockets. syzbot re... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23121 In the Linux kernel, the following vulnerability has been resolved: mISDN: annotate data-race around dev->work dev->work can re read locklessly in mISDN_read() and mISDN_poll(). Add READ_ONCE()/WRIT... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23122 In the Linux kernel, the following vulnerability has been resolved: igc: Reduce TSN TX packet buffer from 7KB to 5KB per queue The previous 7 KB per queue caused TX unit hangs under heavy timestampi... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23123 In the Linux kernel, the following vulnerability has been resolved: interconnect: debugfs: initialize src_node and dst_node to empty strings The debugfs_create_str() API assumes that the string poin... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-6520 OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | MEDIUM | — | 0 |
| CVE-2026-5657 iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31605 In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divide ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31603 In the Linux kernel, the following vulnerability has been resolved: staging: sm750fb: fix division by zero in ps_to_hz() ps_to_hz() is called from hw_sm750_crtc_set_mode() without validating that pi... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-5407 SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | MEDIUM | — | 0 |
| CVE-2026-6534 USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | MEDIUM | — | 0 |
| CVE-2026-5299 ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31514 In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in short read case For file-backed mount, IO requests are handled by vfs_iocb_iter_read(). However, i... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31519 In the Linux kernel, the following vulnerability has been resolved: btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create We have recently observed a number of subvolumes with broken dentries. l... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.