Export limit exceeded: 18973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (45876 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-46162 1 Linux 1 Linux Kernel 2026-06-10 7.8 High
In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in ice_sf_eth_activate() error path When auxiliary_device_add() fails, ice_sf_eth_activate() jumps to aux_dev_uninit and calls auxiliary_device_uninit(&sf_dev->adev). The device release callback ice_sf_dev_release() frees sf_dev, but the current error path falls through to sf_dev_free and calls kfree(sf_dev) again, causing a double free. Keep kfree(sf_dev) for the auxiliary_device_init() failure path, but avoid falling through to sf_dev_free after auxiliary_device_uninit().
CVE-2026-46234 1 Linux 1 Linux Kernel 2026-06-10 7.8 High
In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check overrides the maximum check, inverting the constraint. This breaks the intended socket memory boundaries by allowing the vsk->buffer_size to grow beyond the configured vsk->buffer_max_size. Fix this by checking the minimum first, and then the maximum. This ensures the buffer size never exceeds the buffer_max_size.
CVE-2026-46236 1 Linux 1 Linux Kernel 2026-06-10 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: media: rc: xbox_remote: heed DMA restrictions The buffer for IO must not be part of the device structure because that violates the DMA coherency rules.
CVE-2026-36800 1 Tenda 1 G0 2026-06-10 7.5 High
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindIndex parameter of the formIPMacBindDel function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2026-47288 1 Microsoft 12 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 9 more 2026-06-10 7.1 High
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.
CVE-2026-47291 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-10 9.8 Critical
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
CVE-2026-36803 1 Tenda 1 Pw201a 2026-06-10 7.5 High
Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the qossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2026-36806 1 Tenda 1 W15e 2026-06-10 7.5 High
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2026-45657 1 Microsoft 11 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 8 more 2026-06-10 9.8 Critical
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
CVE-2026-11596 1 Connectwise 1 Screenconnect 2026-06-10 4.7 Medium
In ScreenConnectâ„¢ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.
CVE-2026-40404 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-10 7.8 High
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVE-2026-42828 1 Microsoft 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more 2026-06-10 7.8 High
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-42974 1 Microsoft 11 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 8 more 2026-06-10 8.1 High
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-11658 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-10 6.5 Medium
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CVE-2026-11689 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-10 8.1 High
Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CVE-2026-46209 1 Linux 1 Linux Kernel 2026-06-10 7.8 High
In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() drm_gem_fb_init_with_funcs() computes sub-sampled plane dimensions using plain integer division: unsigned int width = mode_cmd->width / (i ? info->hsub : 1); unsigned int height = mode_cmd->height / (i ? info->vsub : 1); However, the ioctl-level framebuffer_check() in drm_framebuffer.c uses drm_format_info_plane_width/height() which round up dimensions via DIV_ROUND_UP(). This inconsistency corrupts the subsequent GEM object size check for certain pixel format and dimension combinations. For example, with NV12 (vsub=2) and a 1-pixel-tall framebuffer the GEM size validation path sees height=0 instead of height=1. The expression (height - 1) then wraps to UINT_MAX as an unsigned int, causing min_size to overflow and wrap back to a small value. A tiny GEM object therefore passes the size guard, yet when the GPU accesses the chroma plane it will read or write memory beyond the object's bounds. Fix by replacing the open-coded divisions with drm_format_info_plane_width() and drm_format_info_plane_height(), which use DIV_ROUND_UP() and match the calculation already used in framebuffer_check().
CVE-2026-46218 1 Linux 1 Linux Kernel 2026-06-10 7.1 High
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add bounds checking to ib_{get,set}_value The uvd/vce/vcn code accesses the IB at predefined offsets without checking that the IB is large enough. Check the bounds here. The caller is responsible for making sure it can handle arbitrary return values. Also make the idx a uint32_t to prevent overflows causing the condition to fail.
CVE-2026-9753 1 Mongodb 1 Mongodb Server 2026-06-10 8.1 High
The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command.
CVE-2026-46222 1 Linux 1 Linux Kernel 2026-06-10 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads The pads missed checks for connected devices which may a null dereference when the stream is enabled. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 pc : rkcif_interface_enable_streams+0x48/0xf0 lr : rkcif_interface_enable_streams+0x44/0xf0 Call trace: rkcif_interface_enable_streams+0x48/0xf0 v4l2_subdev_enable_streams+0x26c/0x3f0 rkcif_stream_start_streaming+0x140/0x278 vb2_start_streaming+0x74/0x188 vb2_core_streamon+0xe0/0x1d8 vb2_ioctl_streamon+0x60/0xa8 v4l_streamon+0x2c/0x40 __video_do_ioctl+0x34c/0x400 video_usercopy+0x2d0/0x800 video_ioctl2+0x20/0x60 v4l2_ioctl+0x48/0x78
CVE-2026-46220 1 Linux 1 Linux Kernel 2026-06-10 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission sdma_v4_0_ring_emit_fence() contains two BUG_ON(addr & 0x3) assertions that verify fence writeback addresses are dword-aligned. These assertions can be reached from unprivileged userspace via crafted DRM_IOCTL_AMDGPU_CS submissions, causing a fatal kernel panic in a scheduler worker thread. Replace both BUG_ON() calls with WARN_ON() to log the condition without crashing the kernel. A misaligned fence address at this point indicates a driver bug, but crashing the kernel is never the correct response when the assertion is reachable from userspace. The CS IOCTL path is the correct place to filter invalid submissions; the ring emission callback is too late to do anything about it. (cherry picked from commit b90250bd933afd1ba94d86d6b13821997b22b18e)