Search
Search Results (3 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-35253 | 2 Oracle, Oracle Corporation | 2 Macoron, Oracle Macaron Tool Of Oracle Open Source Projects | 2026-05-06 | 4.7 Medium |
| Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this vulnerability can result in Oracle Macaron Tool failing host address validation. | ||||
| CVE-2026-35233 | 2 Oracle, Oracle Corporation | 2 Linux, Oracle Linux | 2026-05-05 | 4.4 Medium |
| An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via dtrace -p , pid probes, or USDT), the ELF parser reads heap memory beyond the allocated section cache array without any bounds check. This results in an uninitialized/out-of-bounds heap read that can cause a NULL pointer dereference crash of the dtrace process (DoS), or -- depending on heap layout -- a read-then-use of a garbage pointer controlled by adjacent allocations, providing a foothold toward further exploitation in a privileged context. | ||||
| CVE-2026-21991 | 2 Oracle, Oracle Corporation | 2 Linux, Oracle Linux | 2026-04-08 | 5.5 Medium |
| A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names. | ||||
Page 1 of 1.