CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/05/08 9:29 p.m.•7 views

CVE-2026-43384

A flaw was found in the Linux kernel's TCP Authentication Option TCP-AO implementation. This vulnerability arises from a non-constant-time comparison of Message Authentication Codes MACs. A remote attacker could potentially exploit this timing discrepancy to perform a timing attack, which may lea...

9.8CVSS5.8AI score0.00057EPSS

Exploits0References4

OSV•added 2026/05/04 1:12 p.m.•2 views

JLSEC-2026-436

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

6.5CVSS7AI score0.00073EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/tcp: Fixed a NULL pointer dereference issue when using TCP-AO with TCPREPAIR. A NULL pointer dereference can occur in the tcpaofinishconnect function during a connect system call on a socket that has a TCP-AO key added and...

5.5CVSS5.8AI score0.00013EPSS

Tenable Nessus•added 2026/01/20 12:0 a.m.•1 views

MiracleLinux 9 : iperf3-3.9-13.el9 (AXSA:2024-9259:02)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9259:02 advisory. iperf3: possible denial of service CVE-2023-7250,ESNET-SECADV-2023-0002 iperf3: vulnerable to marvin attack if the authentication option is used...

5.9CVSS5.6AI score0.01116EPSS

RedhatCVE•added 2025/10/14 7:42 a.m.•3 views

CVE-2025-39950

In the Linux kernel, the following vulnerability has been resolved: net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCPREPAIR A NULL pointer dereference can occur in tcpaofinishconnect during a connect system call on a socket with a TCP-AO key added and TCPREPAIR enabled. The...

5.7AI score0.00013EPSS

Exploits0References1

Tenable Nessus•added 2025/10/08 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-39950

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCPREPAIR A NULL pointer dereference can occur in tcpaofinishconnect during a connect system cal...

EUVD•added 2025/10/04 9:30 a.m.•1 views

EUVD-2025-32388

5.9AI score0.00013EPSS

Exploits0References4

NVD•added 2025/10/04 8:15 a.m.•5 views

CVE-2025-39950

5.5CVSS0.00013EPSS

OSV•added 2025/10/04 8:15 a.m.•1 views

UBUNTU-CVE-2025-39950

5.5CVSS5.9AI score0.00013EPSS

Exploits0References16

CVE•added 2025/10/04 7:31 a.m.•17 views

CVE-2025-39950

CVE-2025-39950 pertains to the Linux kernel: a NULL pointer dereference can occur in net/tcp when TCP-AO is used with TCP_REPAIR during connect(), due to dereferencing skb without null-check in tcp_ao_finish_connect(). The vulnerability affects code paths where a TCP-AO key is present and TCP_REP...

Exploits0References3Affected Software1

OSV•added 2025/10/04 7:31 a.m.•2 views

CVE-2025-39950 net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR

NVD•added 2025/09/19 4:15 p.m.•2 views

Exploits0References6

CVE-2025-39852

In the Linux kernel, the following vulnerability has been resolved: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 When tcpaocopyallmatching fails in tcpv6synrecvsock it just exits the function. This ends up causing a memory-leak: unreferenced object 0xffff0000281a8200 size...

5.5CVSS0.00013EPSS

OSV•added 2025/09/19 4:15 p.m.•1 views

DEBIAN-CVE-2025-39852

5.5CVSS5.3AI score0.00013EPSS

Exploits0References1

OSV•added 2025/09/19 4:15 p.m.•0 views

UBUNTU-CVE-2025-39852

5.5CVSS5.8AI score0.00013EPSS

Exploits0References16

CVE•added 2025/09/19 3:26 p.m.•17 views

CVE-2025-39852

CVE-2025-39852: Linux kernel TCP stack IPv6 TCP-AO path leaks memory when tcp_v6_syn_recv_sock() exits on error due to missing error-handling cleanup. The linked Astra/OpenSUSE advisories confirm the fix adds inet_csk_prepare_forced_close() and tcp_done() (as in the IPv4 path) to ensure the new s...

5.5CVSS6.1AI score0.00013EPSS

Exploits0References3Affected Software1

Cvelist•added 2025/09/19 3:26 p.m.•5 views

CVE-2025-39852 net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6

0.00013EPSS

CNNVD•added 2025/09/19 12:0 a.m.•0 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper handling of TCP-AO failures, which could lead to a memory leak in IPv6 sockets...

Tenable Nessus•added 2025/09/19 12:0 a.m.•2 views

Exploits0References4

Linux Distros Unpatched Vulnerability : CVE-2025-39852

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 When tcpaocopyallmatching fails in tcpv6synrecvsock it just exits the function. This ends up...