Lucene search
K

203 matches found

Amazon
Amazon
added 6 days ago7 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teqlmasterxmit CVE-2026-23449 In the Linux kernel, the following vulnerability has been resolved: ext4: validate pidx bounds in ext4extcorrectindexes CVE-2026-31449 In the Linux...

9.8CVSS6AI score0.00742EPSS
Exploits0
Amazon
Amazon
added 2026/07/07 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: clear page-private in freepagesprepare CVE-2026-43303 In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpireadrawfromsgl CVE-2026-43492 In...

9.8CVSS6.3AI score0.00675EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-40210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash...

4.8CVSS6.1AI score0.00336EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 12:23 p.m.10 views

CVE-2026-40210

CVE-2026-40210 describes an out-of-bounds read that may occur when SetMacAddrAction is used. This could lead to uninitialized memory being sent over the network or to a crash. The CVSSv3.1 vector is AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L with a base score of 4.8 (MEDIUM). Exploitation details are no...

4.8CVSS5.9AI score0.00336EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

Tenda W20E 安全漏洞

The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a security vulnerability. This vulnerability stems from a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function, which could allow attackers to cause...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.18 views

SUSE CVE-2026-46158

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: always decrease sk refcount When an ADDADDR is retransmitted, the sk is held in skresettimer. It should then be released in all cases at the end. Some unlikely checks were returning directly instead of...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References3
CVE
CVE
added 2026/05/28 9:36 a.m.34 views

CVE-2026-46170

CVE-2026-46170 affects the Linux kernel MPTCP implementation. When ADD_ADDR is retransmitted, the socket reference counting can fail to free the sk, which may trigger indefinite waiting in timer synchronization and cause a DoS. The root cause is improper timer handling during sk_free that could c...

5.5CVSS5.7AI score0.00127EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/05/27 2:17 p.m.18 views

CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

5.5CVSS0.00128EPSS
Exploits0References7
NVD
NVD
added 2026/05/13 1:16 p.m.13 views

CVE-2026-35506

ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of pingipaddr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...

8.6CVSS0.01308EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40596

ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping ip addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...

8.6CVSS7.2AI score0.01308EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 3:31 p.m.9 views

EUVD-2026-28623

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconfpermanentaddr The mentioned helper try to warn the user about an exceptional condition, but the message is delivered too late, accessing the ipv6 after its possible deletion. Reorder the...

5.8AI score0.00121EPSS
Exploits0References9
OSV
OSV
added 2026/05/08 1:31 p.m.2 views

CVE-2026-43339 ipv6: prevent possible UaF in addrconf_permanent_addr()

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconfpermanentaddr The mentioned helper try to warn the user about an exceptional condition, but the message is delivered too late, accessing the ipv6 after its possible deletion. Reorder the...

7.8CVSS6.2AI score0.00121EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2026/05/08 1:31 p.m.7 views

CVE-2026-43339

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconfpermanentaddr The mentioned helper try to warn the user about an exceptional condition, but the message is delivered too late, accessing the ipv6 after its possible deletion. Reorder the...

7.8CVSS5.7AI score0.00121EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.10 views

PT-2026-35418

A vulnerability was determined in Totolink A8000RU 7.1cu.643 b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument addrPrefixLen can lead to os command injection. The attack c...

10CVSS8.2AI score0.01766EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/18 12:42 a.m.11 views

Zebra: addr/addrv2 Deserialization Resource Exhaustion

CVE-2026-40881: addr/addrv2 Deserialization Resource Exhaustion Summary When deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length over 233,000 that was derived from the 2 MiB message size limit. This is much larger th...

7.5CVSS5.7AI score0.00263EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.9 views

PT-2026-33599

CVE-2026-40881: addr/addrv2 Deserialization Resource Exhaustion Summary When deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length over 233,000 that was derived from the 2 MiB message size limit. This is much larger th...

6.3CVSS5.7AI score0.00263EPSS
Exploits0References4
CloudLinux
CloudLinux
added 2026/03/09 11:40 a.m.8 views

kernel: Fix of 10 CVEs

ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer CVE-2023-53395 - net: ppp: Add bound checking for skb data on pppsynctxmung CVE-2025-37749 - ata: ahci: Match EMMAXSLOTS with SATAPMPMAXPORTS CVE-2022-50315 - ext2: Check block size validity during mount CVE-2023-53569 - gfs2: Fix possible data races...

7.8CVSS6.8AI score0.00295EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2026/02/22 2:32 a.m.5 views

CVE-2026-2910 Tenda HG9 formPing6 stack-based overflow

A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

9CVSS8.7AI score0.02605EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/19 12:2 p.m.32 views

CVE-2019-25408 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via netwizard2

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmaskaddr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmaskaddr...

6.1CVSS0.0034EPSS
Exploits1References4
OSV
OSV
added 2026/02/19 9:17 a.m.4 views

SUSE-SU-2026:20513-1 Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise kernel 6.4.0-30.1 fixes various security issues The following security issues were fixed: - CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access bsc1249455. - CVE-2025-38352: posix-cpu-timers: fix race between handleposixcputimers an...

7.4CVSS5.8AI score0.01345EPSS
Exploits8References13
Rows per page
Query Builder