CVE-2026-52917

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP diagnostics. When performing a socket diagnostic sockdiag lookup, the system may attempt to access memory related to an SCTP association that has already been freed. This can lead to an out-of-bounds read from...

Astra Linux – Vulnerability in dcmtk

It was discovered that DCMTK v3.6.7 contains a memory leak through the TASCAssociation object...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: Avoid scheduling the deletion of associations twice. When forcibly shutting down a port via the configfs interface, nvmetportsubsysdroplink first calls nvmetportdelctrls, and then nvmetdisableport. Both functions will...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: nvme-fc: The use of lock access to portstate and rportstate was corrected. nvmefcunregisterremote removes the remote port from an lport object at any time when there is no active association. This issue conflicts with the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: xfrm: Validates the prefix length of new SA entries using the SA family, when sel.family is unset. This extends the validation introduced in commit 07bf7908950a “xfrm: Validates address prefix lengths in the xfrm selector”. The...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: In brcmfmac, cfg80211: Handle PMKSA deletion based on the SSID. wpasupplicant 2.11 sends commands for PMKSA flush based on the SSID from version 1efdba5fdc2c statement: “Handle PMKSA flush in the driver for SAE/OWE offlo...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211 – Rejects TDLS operations when the station is not associated. The syzbot triggered a WARN in the ieee80211tdlsoper function by sending NL80211TDLSENABLELINK immediately after NL80211CMDCONNECT, before association i...

PT-2026-50602

Name of the Vulnerable Software and Affected Versions Avo affected versions not specified Description A missing authorization flaw in the association attach workflow allows authenticated low-privileged users to bypass access controls. While the user interface and the 'GET...

CVE-2026-50099

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

CVE-2026-50099 Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

CVE-2026-27314

Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY. Users are...

CVE-2026-8415

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

CVE-2026-37235

FlexRIC v2.0.0 trusts the xappid field from E42 message payloads without binding it to the sender's SCTP association. The validation function validxappid only checks that the value is within the assigned range. A remote unauthenticated attacker can impersonate any xApp by specifying their xappid ...

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a persistent SCTP↔E2 node mapping in the cleanup path and enforces this with an assert(), enabling a remote unauthenticated attacker to crash the near-RT RIC (port 36421) by compl...

CVE-2026-37235

FlexRIC v2.0.0 trusts the xappid field from E42 message payloads without binding it to the sender's SCTP association. The validation function validxappid only checks that the value is within the assigned range. A remote unauthenticated attacker can impersonate any xApp by specifying their xappid ...

PT-2026-45513

FlexRIC v2.0.0 trusts the xapp id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid xapp id only checks that the value is within the assigned range. A remote unauthenticated attacker can impersonate any xApp by specifying their xapp...

sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

...

SUSE CVE-2026-46227

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

CVE-2026-46227

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

UBUNTU-CVE-2026-46227

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...