Lucene search
K

12715 matches found

RedhatCVE
RedhatCVE
added 2026/01/27 3:23 p.m.4 views

CVE-2026-24656

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...

3.7CVSS5.8AI score0.00655EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.7 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005115)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005115 advisory. In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucvsockclose iucvseverpath is called from process context and fr...

7.8CVSS6.6AI score0.00235EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005184)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005184 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0...

7.8CVSS6.7AI score0.00241EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.5 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005175)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005175 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free of kernel socket in cleanupbearer. syzkaller reported a use-after-free o...

7.8CVSS6.6AI score0.00238EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005059)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005059 advisory. In the Linux kernel, the following vulnerability has been resolved: xsk: validate user input for XDPUMEM|COMPLETIONFILLRING syzbot reported an illegal copy in...

6.7CVSS6.7AI score0.00256EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005047)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005047 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length I got multiple syzbot reports showing old bugs...

7.1CVSS6.6AI score0.00227EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005060)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005060 advisory. In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CP...

5.5CVSS6.7AI score0.00301EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.8 views

Oracle Linux 9 : kernel (ELSA-2026-1143)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-1143 advisory. - Bluetooth: hcisock: Prevent race in socket write iter and sock bind CKI Backport Bot RHEL-139462 CVE-2025-68305 - dm: fix dmblkreportzones CKI Backpo...

7.8CVSS7.1AI score0.00203EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.5 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005165)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005165 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on scosocktimeout conn-sk maybe have been unlinked/freed while waiting fo...

7.8CVSS6.8AI score0.0023EPSS
Exploits0References4
OSV
OSV
added 2026/01/26 2:48 p.m.7 views

BIT-NODE-MIN-2026-21636

A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...

10CVSS6AI score0.00663EPSS
Exploits1References2
OSV
OSV
added 2026/01/26 2:48 p.m.4 views

BIT-NODE-2026-21636

A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...

10CVSS6AI score0.00663EPSS
Exploits1References2
OSV
OSV
added 2026/01/26 2:47 p.m.4 views

BIT-NODE-MIN-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5CVSS5.9AI score0.03782EPSS
Exploits0References21
RedHat Linux
RedHat Linux
added 2026/01/26 2:47 p.m.8 views

kernel: Linux kernel: vsock vulnerability may lead to memory corruption

A flaw was found in the Linux kernel's vsock component. This vulnerability occurs when a connect operation on an already established socket is interrupted by a signal or timeout, causing the system to mishandle the socket's state. This incorrect handling can lead to a race condition, potentially...

5.8AI score0.00203EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/26 2:47 p.m.3 views

kernel: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind

A use-after-free vulnerability was found in the Linux kernel's Bluetooth HCI socket implementation. A race condition between socket bind and write operations allows mgmtpending to free a command structure while writeiter is still attempting to send it, resulting in use-after-free when the freed...

5.8AI score0.00156EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/26 2:47 p.m.20 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.8CVSS6.9AI score0.00203EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/01/26 2:47 p.m.3 views

kernel: mptcp: fix race condition in mptcp_schedule_work()

A race in mptcpschedulework could lead to a use-after-free: the function queued work and only then acquired a reference to the socket. If the worker ran to completion immediately, the subsequent sockhold operated on a freed object. Impact ranges from kernel crash DoS to potential privilege...

5.8AI score0.00171EPSS
Exploits0References5
OSV
OSV
added 2026/01/26 2:47 p.m.3 views

BIT-NODE-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5CVSS5.9AI score0.03782EPSS
Exploits0References21
RedHat Linux
RedHat Linux
added 2026/01/26 2:32 p.m.2 views

kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free

A vulnerability was found in isosockkill in net/bluetooth/iso.c in Bluetooth protocol stack in the Linux Kernel. In this flaw if the conn-sk is not set to NULL may lead to UAF on isoconnfree...

5.8AI score0.00178EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/26 2:32 p.m.2 views

kernel: mptcp: fix race condition in mptcp_schedule_work()

A race in mptcpschedulework could lead to a use-after-free: the function queued work and only then acquired a reference to the socket. If the worker ran to completion immediately, the subsequent sockhold operated on a freed object. Impact ranges from kernel crash DoS to potential privilege...

5.8AI score0.00171EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/26 1:44 p.m.6 views

kernel: Linux kernel: vsock vulnerability may lead to memory corruption

A flaw was found in the Linux kernel's vsock component. This vulnerability occurs when a connect operation on an already established socket is interrupted by a signal or timeout, causing the system to mishandle the socket's state. This incorrect handling can lead to a race condition, potentially...

5.8AI score0.00203EPSS
Exploits0References5
Rows per page
Query Builder