Security Vulnerabilities
A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, causing the use-after-free. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-06-05
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-06-05
Ericsson
Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling
of Missing Values (CWE-230) vulnerability where an attacker continuously
sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-06-05
Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-06-05
Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function.
CVSS Score
4.8
EPSS Score
0.0
Published
2026-06-05
Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-06-05
Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.
CVSS Score
6.8
EPSS Score
0.0
Published
2026-06-05
Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-06-05
Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.
CVSS Score
5.2
EPSS Score
0.0
Published
2026-06-05
Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-06-05