1343 matches found
CVE-2026-50306
CVE-2026-50306 is a Windows TCP/IP use-after-free vulnerability that allows an authorized, local attacker to elevate privileges. Affected component is the Windows TCP/IP stack; impact is local privilege escalation with high severity (CVSS 3.1: 7.8). Microsoft has released updates (KB5095051, KB50...
FTP Fetch, Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
Fetch and execute an x86 payload from an FTP server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x86/shell/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf...
FTP Fetch, Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager with UUID Support
Fetch and execute an x64 payload from an FTP server. Spawn a piped command shell Windows x64 staged. Listen for an IPv6 connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/shell/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf...
FTP Fetch, Bind IPv6 TCP Stager (Windows x86)
Fetch and execute an x86 payload from an FTP server. Listen for an IPv6 connection Windows x86 Module Options msf use payload/cmd/windows/ftp/x86/peinject/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...show an...
kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...
EUVD-2026-42332
U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...
EUVD-2026-42328
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...
PT-2026-56475
Name of the Vulnerable Software and Affected Versions U-Boot versions prior to 2026.04-rc3 Description An integer underflow exists in the tcp rx state machine function within net/tcp.c. A network-adjacent attacker can trigger this by sending a malformed TCP SYN+ACK packet with a manipulated data...
kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...
kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()
A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...
kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()
A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...
kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()
A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...
kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()
A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...
kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()
A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...
kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...
kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()
A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...
sctp: purge outqueue on stale COOKIE-ECHO handling
...
tcp: restrict SO_ATTACH_FILTER to priv users
...
CVE-2026-53224
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. Specifically, improper validation of embedded INIT chunk and address list lengths in SCTP cookies could allow a remote attacker to trigger out-of-bounds reads. This could lead to information disclosur...
SUSE-SU-2026:2632-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed work...