|
2731
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: lapbether: handle NETDEV_PRE_TYPE_CHANGE
lapbeth_data_transmit() expects the underlying device type
to be ARPHRD_ETHER.
Ret…
|
NVD-CWE-noinfo
|
CVE-2026-43103
|
2026-05-12 02:33 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2732
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: Fix a memory leak in hang state error path
When vc4_save_hang_state() encounters an early return condition, it
returns w…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43104
|
2026-05-12 02:32 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2733
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: Fix memory leak of BO array in hang state
The hang state's BO array is allocated separately with kzalloc() in
vc4_save_h…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43105
|
2026-05-12 02:32 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2734
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: fix incorrect dentry refcount in cachefiles_cull()
The patch mentioned below changed cachefiles_bury_object() to expe…
|
NVD-CWE-Other
|
CVE-2026-43106
|
2026-05-12 02:31 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2735
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xfrm: account XFRMA_IF_ID in aevent size calculation
xfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then
build…
|
CWE-131
Incorrect Calculation of Buffer Size
|
CVE-2026-43107
|
2026-05-12 02:30 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2736
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei
It looks element length declared in servreg_loc_pfr_req_ei for…
|
NVD-CWE-noinfo
|
CVE-2026-43108
|
2026-05-12 02:27 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2737
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
x86: shadow stacks: proper error handling for mmap lock
김영민 reports that shstk_pop_sigframe() doesn't check for errors from
mmap_…
|
NVD-CWE-noinfo
|
CVE-2026-43109
|
2026-05-12 02:25 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2738
|
4.3 |
MEDIUM
Network
|
weblate
|
weblate
|
Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. Th…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2026-44263
|
2026-05-12 02:24 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2739
|
7.5 |
HIGH
Network
|
prometheus
|
prometheus
|
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a…
|
CWE-400
CWE-789
Uncontrolled Resource Consumption
Memory Allocation with Excessive Size Value
|
CVE-2026-42154
|
2026-05-12 02:22 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2740
|
7.5 |
HIGH
Network
|
prometheus
|
prometheus
|
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/a…
|
CWE-200
CWE-312
Information Exposure
Cleartext Storage of Sensitive Information
|
CVE-2026-42151
|
2026-05-12 02:22 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
