Lucene search
K

23997 matches found

Amazon
Amazon
added 2026/05/09 12:0 a.m.22 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: clear the dst when changing skb protocol CVE-2025-38192 In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix possible invalid rdp's-nocbcbkthread pointer access CVE-2025-38704 In...

7.8CVSS6.2AI score0.00178EPSS
Exploits0
Oracle linux
Oracle linux
added 2026/05/09 12:0 a.m.19 views

Unbreakable Enterprise kernel security update: Dirty Frag

6.12.0-201.74.2.3 - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present Hyunwoo Kim Orabug: 39342689 CVE-2026-43500 - rxrpc: Fix conn-level packet handling to unshare RESPONSE packets David Howells Orabug: 39342689 - rxrpc: only handle RESPONSE during service challenge Wang Jie...

8.8CVSS6AI score0.93235EPSS
Exploits33
Github Security Blog
Github Security Blog
added 2026/05/08 11:2 p.m.12 views

free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions

Summary free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token to read PFD application data via GET...

10CVSS6AI score0.00287EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/08 11:2 p.m.5 views

GHSA-RWWW-X45W-P52W free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions

Summary free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token to read PFD application data via GET...

10CVSS6AI score0.00287EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/05/08 10:56 p.m.10 views

CVE-2026-43416

A flaw was found in the Linux kernel. A local user can cause a denial of service DoS by triggering a NULL pointer dereference within the perf subsystem. This occurs when the memory management structure current-mm is prematurely released before the system attempts to retrieve the user callchain,...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References4
NVD
NVD
added 2026/05/08 8:16 p.m.25 views

CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS0.00481EPSS
Exploits1References3
OSV
OSV
added 2026/05/08 7:50 p.m.6 views

CLSA-2026-1778261513 Update of alt-php

Miscellaneous Ubuntu changes - Packaging: add tuxcare suffix Miscellaneous upstream changes - xfrm: esp: avoid in-place decrypt on shared skb frags - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present...

5.8AI score
Exploits0References1
CVE
CVE
added 2026/05/08 7:49 p.m.24 views

CVE-2026-42189

CVE-2026-42189 affects the Russh Rust SSH library. A pre-authentication denial-of-service exists in the server keyboard-interactive authentication path: an attacker can trigger an OOM crash by sending a crafted USERAUTH_INFO_RESPONSE with a large n, causing the server to allocate memory for a mas...

7.5CVSS5.8AI score0.00481EPSS
Exploits1References3Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/05/08 7:49 p.m.7 views

CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS5.8AI score0.00481EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/05/08 7:49 p.m.52 views

CVE-2026-42189 Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS0.00481EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/05/08 7:21 p.m.10 views

CVE-2026-43321

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This vulnerability arises from the kernel's failure to correctly identify and mark active registers during indirect jump operations within the BPF program execution. An attacker could potentially exploit this to manipula...

7.8CVSS5.8AI score0.00121EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/08 6:52 p.m.10 views

CVE-2026-43306

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF crypto component. A local attacker, by running a specially crafted BPF program, could trigger a type mismatch in function pointers when Control Flow Integrity CFI is enabled. This can lead to a kernel internal error, resulting in a...

6.1CVSS5.8AI score0.00122EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/08 6:27 p.m.12 views

CVE-2026-43296

A flaw was found in the Linux kernel's octeontx2-af driver. This vulnerability arises from issues within the NIX SQ Send Queue manager's sticky mode and the PSE Packet Stream Engine, which can lead to system stalls, deadlocks, and credit drops. When multiple Send Queues share a Send Message Queue...

7.5CVSS5.8AI score0.00387EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 3:31 p.m.10 views

EUVD-2026-28605

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...

5.8AI score0.00121EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 3:31 p.m.12 views

EUVD-2026-28561

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...

5.8AI score0.00269EPSS
Exploits0References8
NVD
NVD
added 2026/05/08 3:16 p.m.11 views

CVE-2026-43416

In the Linux kernel, the following vulnerability has been resolved: powerpc, perf: Check that current-mm is alive before getting user callchain It may happen that mm is already released, which leads to kernel panic. This adds the NULL check for current-mm, similarly to commit 20afc60f892d "x86,...

5.5CVSS0.00121EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/08 3:16 p.m.11 views

CVE-2026-43371

In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References8
CVE
CVE
added 2026/05/08 2:21 p.m.29 views

CVE-2026-43371

The CVE-2026-43371 details the Linux kernel macb driver fault where disabling transmit resets tx_head/tx_tail to 0, causing silent loss of queued packets, memory leaks, and race conditions between macb_tx_poll() and macb_start_xmit(). This can prolong recovery after suspend (e.g., NFS rootfs on A...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/08 2:21 p.m.33 views

CVE-2026-43371 net: macb: Shuffle the tx ring before enabling tx

In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that...

0.00123EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:21 p.m.8 views

CVE-2026-43371

In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that...

5.8AI score0.00123EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder