Lucene search
K

618 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Avoid scheduling in rtasosterm. It is unsafe to use rtasbusydelay to handle a busy status from the IBM,os-term RTAS function in rtasosterm: Kernel Panic – Not Syncing: Attempted to kill init! Exitcode = 0x0000000b...

5.5CVSS5.7AI score0.00149EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dma-buf: Fixed NULL pointer dereferencing in sanitycheck. If mockchain returns NULL due to a memory allocation failure, it is passed to dmafenceenableswsignaling, resulting in a NULL pointer dereferencing there. Call...

5.3CVSS5.7AI score0.00632EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Created a persistent INTx handler. There exists a vulnerability where the eventfd for INTx signaling can be deconfigured. This causes the IRQ handler to be unregistered, but it still allows eventfds to be signaled with ...

5.5CVSS5.3AI score0.0024EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: pm: in-kernel: always mark signal+subflow endp as used Syzkaller managed to find a combination of actions that generated this warning: msk-pm.localaddrused == 0 WARNING: net/mptcp/pmkernel.c:1071 at...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

9.8CVSS7.3AI score0.00498EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: Do not delete the error page from the page cache. This change is very similar to the change made for shmem 1. It addresses the same issue, but for the HugeTLBFS mechanism instead. Currently, when a poisoned HugeTLB pag...

5.5CVSS5.9AI score0.00165EPSS
Exploits0References2
MongoDB
MongoDB
added 2026/06/09 10:8 p.m.10 views

$_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input

The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...

7.1CVSS5.4AI score0.00323EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.14 views

FreeBSD Security Advisory - FreeBSD-SA-26:25.thr

FreeBSD Security Advisory - When used to deliver a signal to a specific thread, thrkill22 called pcansignal to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call return...

5.4AI score0.00092EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.8 views

CVE-2026-39864

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted SIP packet if a successful user...

4.9CVSS5.5AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 4:2 p.m.10 views

CVE-2026-10629

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

7.4CVSS5.7AI score0.00174EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/03 3:25 p.m.8 views

kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit

In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit The following setup can trigger a WARNING in htbactivate due to the condition: !cl-leaf.q-q.qlen tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb...

7.8CVSS5.7AI score0.00168EPSS
Exploits0References5
NVD
NVD
added 2026/06/02 4:16 p.m.13 views

CVE-2026-10629

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

7.4CVSS0.00174EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:35 p.m.7 views

CVE-2026-10629

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

5.7AI score0.00174EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 2:35 p.m.9 views

CVE-2026-10629 CVE-2026-10629

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

5.7AI score0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 2:35 p.m.36 views

CVE-2026-10629 CVE-2026-10629

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

0.00174EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 2:35 p.m.10 views

EUVD-2026-33945

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

9.1CVSS5.7AI score0.00174EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 2:35 p.m.22 views

CVE-2026-10629

CVE-2026-10629 concerns Verizon IMS SIP signaling lacking IPsec integrity protection. The SIP signaling stack (unspecified Verizon IMS version) reportedly sends SIP messages without ESP encapsulation or Security-Client/Security-Server headers, exposing REGISTER, INVITE, MESSAGE, BYE, UPDATE, and ...

7.4CVSS5.7AI score0.00174EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.16 views

PT-2026-45769

Name of the Vulnerable Software and Affected Versions Verizon IMS affected versions not specified Description The SIP signaling stack implements SIP signaling without IPsec integrity protection, specifically lacking Security-Client/Security-Server headers and ESP traffic. This allows an on-path...

7.4CVSS5.4AI score0.00174EPSS
Exploits0References4
CERT
CERT
added 2026/06/02 12:0 a.m.11 views

Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE Deployments

Overview VoLTE deployments on Verizon’s IMS network have operated without negotiated SIP integrity protection. In observed test conditions, SIP signaling—including registration, call setup, and messaging—traveled without IPsec ESP encapsulation and without SIP Security Agreement headers, exposing...

7.4CVSS5.7AI score0.00174EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

Verizon VoLTE 安全漏洞

Verizon VoLTE is a high-definition voice communication service provided by Verizon based on 4G LTE networks. There is a security vulnerability in Verizon VoLTE, which stems from the fact that SIP signaling does not use IPsec integrity protection. This vulnerability may allow attackers to compromi...

7.4CVSS5.3AI score0.00174EPSS
Exploits0References3
Rows per page
Query Builder