Lucene search
+L

3745 matches found

OSV
OSV
added 2026/06/24 9:59 a.m.4 views

SUSE-SU-2026:22490-1 Security update for the Linux Kernel RT (Live Patch 22 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-45.1 fixes various security issues The following security issues were fixed: - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261640. - CVE-2026-31504: net: fix fanout UAF in packetrelease via NETDEVUP race bsc126308...

9.8CVSS6.2AI score0.0049EPSS
Exploits8References12
OSV
OSV
added 2026/06/24 9:46 a.m.4 views

SUSE-SU-2026:22420-1 Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache...

9.8CVSS6.7AI score0.0049EPSS
Exploits8References14
OSV
OSV
added 2026/06/24 9:39 a.m.3 views

SUSE-SU-2026:22479-1 Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-33.1 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache...

9.8CVSS6.2AI score0.0049EPSS
Exploits8References14
OSV
OSV
added 2026/06/24 9:32 a.m.3 views

SUSE-SU-2026:22461-1 Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-41.1 fixes various security issues The following security issues were fixed: - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261640. - CVE-2026-31504: net: fix fanout UAF in packetrelease via NETDEVUP race bsc126308...

9.8CVSS6.7AI score0.0049EPSS
Exploits8References12
NVD
NVD
added 2026/06/24 8:16 a.m.8 views

CVE-2026-52929

In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...

7.5CVSS0.00394EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 8:16 a.m.4 views

UBUNTU-CVE-2026-52924

In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...

9.8CVSS5.6AI score0.00335EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/24 7:14 a.m.53 views

CVE-2026-52929 sctp: stream: fully roll back denied add-stream state

In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...

7.5CVSS0.00394EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 7:14 a.m.12 views

EUVD-2026-38699

In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...

5.7AI score0.00394EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.8 views

CVE-2026-52929

In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...

7.5CVSS5.7AI score0.00394EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/06/24 7:14 a.m.19 views

CVE-2026-52929

The CVE affects the Linux kernel SCTP stream handling. When ADD_OUT_STREAMS is denied, the rollback only shrinks queued chunks and lowers outcnt, leaving removed stream metadata behind. A subsequent re-add can reuse a stale ext and trigger a null-pointer dereference in the scheduler get path, pot...

7.5CVSS5.7AI score0.00394EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/06/24 7:14 a.m.3 views

CVE-2026-52924 sctp: purge outqueue on stale COOKIE-ECHO handling

In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...

9.8CVSS5.8AI score0.00335EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/06/24 7:14 a.m.37 views

CVE-2026-52924 sctp: purge outqueue on stale COOKIE-ECHO handling

In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...

9.8CVSS0.00335EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/23 12:31 p.m.10 views

EUVD-2026-38446

Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decodeeach/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...

8.7CVSS5.9AI score0.00707EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/23 12:31 p.m.9 views

CVE-2026-54892 Plug: quadratic-time decoding of nested query/body parameters enables denial of service

Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decodeeach/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...

8.7CVSS5.9AI score0.00707EPSS
Exploits0References8
OSV
OSV
added 2026/06/23 12:31 p.m.7 views

EEF-CVE-2026-54892 Plug: quadratic-time decoding of nested query/body parameters enables denial of service

Summary Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decode\each/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key...

8.7CVSS5.9AI score0.00707EPSS
Exploits0References8
SUSE Linux
SUSE Linux
added 2026/06/23 12:5 p.m.8 views

Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.34 fixes various security issues The following security issues were fixed: CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cac...

8.8CVSS6.4AI score0.0049EPSS
Exploits8References26
Amazon
Amazon
added 2026/06/22 12:0 a.m.16 views

Important: kernel6.18

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroupstoragegetnextkey CVE-2026-45838 In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec...

9.8CVSS6.4AI score0.00559EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2026/06/18 10:43 a.m.11 views

CVE-2026-49762

A flaw was found in the Elixir standard library's Version module. A remote attacker can exploit this uncontrolled resource consumption vulnerability by providing a specially crafted, excessively long version string. This malicious input forces the system to perform a super-linear,...

5.9CVSS5.1AI score0.00152EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.9 views

Siemens Ruggedcom Rox Improper Neutralization of Special Elements Used in an OS Command (CVE-2025-40949)

Affected devices do not properly sanitize user-supplied input in the Scheduler functionality of the Web UI, allowing commands to be injected into the task scheduling backend. This could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying...

9.1CVSS7.5AI score0.00674EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.10 views

Siemens RUGGEDCOM RST2428P NULL Pointer Dereference (CVE-2026-22976)

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

5.5CVSS5.4AI score0.00118EPSS
Exploits0References4
Rows per page
Query Builder