4940103 matches found
Exploit for CVE-2026-63030
wp2shell \CVE-2026-63030/CVE-2026-60137 Pre Authentication...
MINI-29RX-RP4M-8XQP
Bulletin has no description...
MINI-4496-39JR-GMQQ
Bulletin has no description...
MINI-99MR-RPRQ-77G7
Bulletin has no description...
MINI-RCMP-87RC-QW78
Bulletin has no description...
CVE-2026-63874 net: mctp: usb: fix race between urb completion and rx_retry cancellation
In the Linux kernel, the following vulnerability has been resolved: net: mctp: usb: fix race between urb completion and rxretry cancellation It's possible that sequencing between setting -stopped and cancelling the rxretry work in ndostop could leave us with an urb queued: T1: ndostop T2:...
CVE-2026-63874 net: mctp: usb: fix race between urb completion and rx_retry cancellation
In the Linux kernel, the following vulnerability has been resolved: net: mctp: usb: fix race between urb completion and rxretry cancellation It's possible that sequencing between setting -stopped and cancelling the rxretry work in ndostop could leave us with an urb queued: T1: ndostop T2:...
CVE-2026-63873 accel/amdxdna: Fix mm_struct reference leak in aie2_populate_range()
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix mmstruct reference leak in aie2populaterange aie2populaterange jumps back to the again label without calling mmputmm, leaking a reference to the mmstruct. Add the missing mmput before jumping to again...
CVE-2026-63873 accel/amdxdna: Fix mm_struct reference leak in aie2_populate_range()
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix mmstruct reference leak in aie2populaterange aie2populaterange jumps back to the again label without calling mmputmm, leaking a reference to the mmstruct. Add the missing mmput before jumping to again...
CVE-2026-63872 esp: fix page frag reference leak on skb_to_sgvec failure
In the Linux kernel, the following vulnerability has been resolved: esp: fix page frag reference leak on skbtosgvec failure In espoutputtail, when esp-inplace is false, the old skb page frags are replaced with a new page from the xfrm pagefrag cache. The source scatterlist sg is built from the ol...
CVE-2026-63872 esp: fix page frag reference leak on skb_to_sgvec failure
In the Linux kernel, the following vulnerability has been resolved: esp: fix page frag reference leak on skbtosgvec failure In espoutputtail, when esp-inplace is false, the old skb page frags are replaced with a new page from the xfrm pagefrag cache. The source scatterlist sg is built from the ol...
CVE-2026-63871 Bluetooth: ISO: Fix data-race on iso_pi fields in hci_get_route calls
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix data-race on isopi fields in hcigetroute calls isoconnectbis, isoconnectcis, isolistenbis, and isoconnbigsync call hcigetroute using isopisk-dst, isopisk-src, and isopisk-srctype without holding locksock. Thes...
CVE-2026-63870 ieee802154: 6lowpan: only accept IPv6 packets in lowpan_xmit()
In the Linux kernel, the following vulnerability has been resolved: ieee802154: 6lowpan: only accept IPv6 packets in lowpanxmit The aoe driver or similar generates a non-IPv6 packet e.g., ETHPAOE and queues it for transmission via devqueuexmit on a 6LoWPAN interface configured by the user or test...
CVE-2026-63870 ieee802154: 6lowpan: only accept IPv6 packets in lowpan_xmit()
In the Linux kernel, the following vulnerability has been resolved: ieee802154: 6lowpan: only accept IPv6 packets in lowpanxmit The aoe driver or similar generates a non-IPv6 packet e.g., ETHPAOE and queues it for transmission via devqueuexmit on a 6LoWPAN interface configured by the user or test...
CVE-2026-63871 Bluetooth: ISO: Fix data-race on iso_pi fields in hci_get_route calls
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix data-race on isopi fields in hcigetroute calls isoconnectbis, isoconnectcis, isolistenbis, and isoconnbigsync call hcigetroute using isopisk-dst, isopisk-src, and isopisk-srctype without holding locksock. Thes...
CVE-2026-63869 wifi: mac80211: limit injected antenna index in ieee80211_parse_tx_radiotap
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: limit injected antenna index in ieee80211parsetxradiotap When parsing the radiotap header of an injected frame, ieee80211parsetxradiotap uses the IEEE80211RADIOTAPANTENNA value directly as a shift count:...
CVE-2026-63869 wifi: mac80211: limit injected antenna index in ieee80211_parse_tx_radiotap
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: limit injected antenna index in ieee80211parsetxradiotap When parsing the radiotap header of an injected frame, ieee80211parsetxradiotap uses the IEEE80211RADIOTAPANTENNA value directly as a shift count:...
CVE-2026-63868 net: garp: fix unsigned integer underflow in garp_pdu_parse_attr
In the Linux kernel, the following vulnerability has been resolved: net: garp: fix unsigned integer underflow in garppduparseattr The receive-side GARP attribute parser computes dlen with reversed operands: dlen = sizeofga - ga-len; ga-len is the on-wire attribute length and includes the GARP...
CVE-2026-63868 net: garp: fix unsigned integer underflow in garp_pdu_parse_attr
In the Linux kernel, the following vulnerability has been resolved: net: garp: fix unsigned integer underflow in garppduparseattr The receive-side GARP attribute parser computes dlen with reversed operands: dlen = sizeofga - ga-len; ga-len is the on-wire attribute length and includes the GARP...
CVE-2026-63867 mptcp: close TOCTOU race while computing rcv_wnd
In the Linux kernel, the following vulnerability has been resolved: mptcp: close TOCTOU race while computing rcvwnd The MPTCP output path access locklessly the MPTCP-level ackseq in multiple times, using possibly different values for the dataack in the DSS option and to compute the announced rcv...