Lucene search
K

134 matches found

OSV
OSV
added last week2 views

UBUNTU-CVE-2026-53236

In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks potential side-channel attack where an unprivileged application...

2CVSS5.7AI score0.0018EPSS
Exploits0References9
NVD
NVD
added 2026/06/24 5:17 p.m.5 views

CVE-2026-53075

In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...

8.8CVSS0.00182EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/06/24 4:30 p.m.25 views

CVE-2026-53075 ppp: require CAP_NET_ADMIN in target netns for unattached ioctls

In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...

8.8CVSS0.00182EPSS
Exploits1References8
CVE
CVE
added 2026/06/24 4:30 p.m.8 views

CVE-2026-53075

The CVE-2026-53075 issue affects the Linux kernel PPP subsystem. A local unprivileged user can create a new user namespace (CLONE_NEWUSER), obtain CAP_NET_ADMIN only in that namespace, and still perform unattached PPP administrative IOCTLs (PPPIOCNEWUNIT, PPPIOCATTACH, PPPIOCATTCHAN) against an i...

8.8CVSS5.7AI score0.00182EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51969

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Point-to-Point Protocol PPP implementation where /dev/ppp open is authorized against file-f cred-user ns, while unattached administrative ioctls operate on...

8.8CVSS5.8AI score0.00182EPSS
Exploits1References10
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A issue was discovered in the Linux kernel before version 6.1.11. In net/netrom/afnetrom.c, there is a use-after-free condition, as “accept” is also allowed for a successfully connected AFNETROM socket. However, for an attacker to exploit this vulnerability, the system must have netrom routing...

6.7CVSS6.8AI score0.0027EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A memory leak issue was discovered in the ctnetlinkcreateconntrack function within net/netfilter/nfconntracknetlink.c in the Linux kernel. This issue may allow a local attacker with CAPNETADMIN privileges to trigger a Denial-of-Service DoS attack due to a refcount overflow...

5.5CVSS6.7AI score0.00301EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A use-after-free flaw was discovered in the Linux kernel’s NFC core functionality due to a race condition between the creation and deletion of kobjects. This vulnerability allows a local attacker with CAPNETADMIN privileges to leak kernel information...

4.1CVSS6.6AI score0.00142EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

A null pointer dereference vulnerability was discovered in the nftdynsetinit function in net/netfilter/nftdynset.c within nftables in the Linux kernel. This issue may allow a local attacker with the CAPNETADMIN user privilege to trigger a denial of service attack...

5.5CVSS6.6AI score0.00324EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux

A issue was discovered in netfilter within the Linux kernel before version 5.10. There may be a use-after-free situation in the packet processing context, as the per-CPU sequence count is mishandled during concurrent iptables rule replacements. This vulnerability could be exploited with the...

6.7CVSS6.6AI score0.00444EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-45254

In the case of the capnet service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit...

6.5CVSS5.5AI score0.00194EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 11:16 a.m.3 views

UBUNTU-CVE-2026-45840

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 9:24 a.m.32 views

CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

0.00117EPSS
Exploits0References8
NVD
NVD
added 2026/05/21 10:16 a.m.10 views

CVE-2026-45254

In the case of the capnet service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit...

6.5CVSS0.00194EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:34 a.m.6 views

CVE-2026-45254

In the case of the capnet service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit...

6.5CVSS5.8AI score0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/21 9:34 a.m.7 views

CVE-2026-45254 Incorrect libcap_net limitation list manipulation

In the case of the capnet service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit...

5.8AI score0.00194EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/21 9:34 a.m.15 views

EUVD-2026-31264

In the case of the capnet service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit...

6.5CVSS5.8AI score0.00194EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.8 views

FreeBSD : FreeBSD -- Incorrect libcap_net limitation list manipulation (37ab0cbc-54b7-11f1-8d7a-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 37ab0cbc-54b7-11f1-8d7a-bc241121aa0a advisory. In the case of the capnet service, when a key present in the old limit was omitted from the new limit,...

6.5CVSS5.4AI score0.00194EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

FreeBSD 安全漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There are security vulnerabilities in FreeBSD, which originate from the capnet service. When new restrictions override old ones, the omitted keys are treated as allowing any operation. This can lead to applications that...

6.5CVSS5.8AI score0.00194EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

Linux Kernel nftables Out-of-bounds Read/Write Vulnerability; nftbyteorder improperly handles the contents of VM registers when CAPNETADMIN is present in any user or network namespace...

7.8CVSS6.8AI score0.02154EPSS
Exploits2References2
Rows per page
Query Builder