15 matches found
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The UAF issue in ksmbdtcpnewconnection has been fixed. The race that occurs is between the process of handling a new TCP connection and its disconnection. This causes a UAF error in the struct tcptransport structure within...
Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to "MadeYouReset" DoS attack bsc1243895. CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM...
CVE-2023-54280
In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990098)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990098 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling scoconn and use-after-free in scosocktimeout Connecting the same socket...
EUVD-2024-31811
Malicious code in bioql PyPI...
CVE-2024-3219
The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...
CVE-2022-49474 Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling scoconn and use-after-free in scosocktimeout Connecting the same socket twice consecutively in scosockconnect could lead to a race condition where two scoconn objects are created but only one is associated...
Python Connection Race Vulnerability (Jul 2024) - Windows
Python is prone to a connection race vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...
CVE-2024-3219
The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...
CVE-2024-3219
The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...
CVE-2024-3219 Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection
The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...
CVE-2024-3219 Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection
The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...
PT-2024-24457 · Python +1 · Cpython +1
Name of the Vulnerable Software and Affected Versions: CPython versions 3.5 through latest Description: The issue arises from the "socket" module's pure-Python fallback for the socket.socketpair function on platforms that don't support AF UNIX, such as Windows. This implementation uses AF INET or...
SUSE CVE-2024-26592
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbdtcpnewconnection The race is between the handling of a new TCP connection and its disconnection. It leads to UAF on struct tcptransport in ksmbdtcpnewconnection function...
DEBIAN-CVE-2024-26592
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbdtcpnewconnection The race is between the handling of a new TCP connection and its disconnection. It leads to UAF on struct tcptransport in ksmbdtcpnewconnection function...