62 matches found

SUSE CVE
added 2026/05/28 3:54 a.m. | 6 views

SUSE CVE-2026-46027

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smc_clc_wait_msg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smc_clc_wait_msg...

AI score 5.7 | EPSS 0.00068
Exploits: 0 | References: 3
RedhatCVE
added 2026/05/27 8:21 p.m. | 6 views

CVE-2026-46027

A flaw was found in the Linux kernel's net/smc component. A remote attacker could exploit this by sending a Connection Less Connection CLC decline message during an early handshake stage. This causes the system to attempt to update link-group level synchronization state before it is properly...

CVSS 7.5 | AI score 5.8 | EPSS 0.00068
Exploits: 0 | References: 4
NVD
added 2026/05/27 2:17 p.m. | 7 views

CVE-2026-46027

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smc_clc_wait_msg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smc_clc_wait_msg...

CVSS 7.5 | EPSS 0.00068
Exploits: 0 | References: 8
OSV
added 2026/05/27 2:17 p.m. | 2 views

UBUNTU-CVE-2026-46027

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smc_clc_wait_msg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smc_clc_wait_msg...

CVSS 7.5 | AI score 5.7 | EPSS 0.00068
Exploits: 0 | References: 3
ATTACKERKB
added 2026/05/27 12:56 p.m. | 5 views

CVE-2026-46027

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smc_clc_wait_msg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smc_clc_wait_msg...

CVSS 7.5 | AI score 5.7 | EPSS 0.00068
Exploits: 0 | References: 9 | Affected Software: 1
EUVD
added 2026/05/27 12:56 p.m. | 9 views

EUVD-2026-32408

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smc_clc_wait_msg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smc_clc_wait_msg...

AI score 5.7 | EPSS 0.00068
Exploits: 0 | References: 5
CVE
added 2026/05/27 12:56 p.m. | 15 views

CVE-2026-46027

The CVE-2026-46027 fix targets the Linux kernel net/smc path, addressing a race where a CLC decline during an early handshake could trigger updates to link-group level sync state before the link group is fully initialized. The mitigation guards the link-group state update in smc_clc_wait_msg() so...

CVSS 7.5 | AI score 5.7 | EPSS 0.00068
Exploits: 0 | References: 8
Cvelist
added 2026/05/27 12:56 p.m. | 36 views

CVE-2026-46027 net/smc: avoid early lgr access in smc_clc_wait_msg

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smc_clc_wait_msg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smc_clc_wait_msg...

CVSS 7.5 | EPSS 0.00068
Exploits: 0 | References: 8
AstraLinux
added 2026/05/20 5:53 a.m. | 1 view

Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoided data corruption caused by decline. We identified a data corruption issue during testing of SMC-R in Redis applications. The benchmark has a low probability of reporting a strange error, as shown below: “Error:...

CVSS 7.8 | AI score 6.2 | EPSS 0.00038
Exploits: 0 | References: 2
NVD
added 2026/04/21 12:16 a.m. | 3 views

CVE-2026-41300

OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring...

CVSS 6.9 | EPSS 0.00036
Exploits: 0 | References: 3
Cvelist
added 2026/04/20 11:08 p.m. | 30 views

CVE-2026-41300 OpenClaw < 2026.3.31 - Preservation of Attacker-Discovered Endpoints in Remote Onboarding

OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring...

CVSS 6.9 | EPSS 0.00036
Exploits: 0 | References: 3
Vulnrichment
added 2026/04/20 11:08 p.m. | 3 views

CVE-2026-41300 OpenClaw < 2026.3.31 - Preservation of Attacker-Discovered Endpoints in Remote Onboarding

OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring...

CVSS 6.9 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 3
EUVD
added 2026/04/20 11:08 p.m. | 1 view

EUVD-2026-24008

OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring...

CVSS 6.9 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/20 11:08 p.m. | 0 views

CVE-2026-41300

OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring...

CVSS 6.9 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 4
CVE
added 2026/04/20 11:08 p.m. | 7 views

CVE-2026-41300

OpenClaw npm package OpenClaw (openclaw) before 2026.3.31 is affected by a trust-decline vulnerability that allows attacker-discovered endpoints to survive remote onboarding flows, enabling routing of gateway credentials to malicious endpoints. Affected versions are = 2026.3.31. If exploitation d...

CVSS 6.9 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/04/20 12:00 a.m. | 3 views

PT-2026-33867

OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring...

CVSS 6.9 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 4
Securelist
added 2026/04/08 9:00 a.m. | 1 view

Financial cyberthreats in 2025 and the outlook for 2026

In 2025, the financial cyberthreat landscape continued to evolve. While traditional PC banking malware declined in relative prevalence, this shift was offset by the rapid growth of credential theft by infostealers. Attackers increasingly relied on aggregation and reuse of stolen data, rather than...

AI score 5.8
Exploits: 0
Github Security Blog
added 2026/04/03 3:26 a.m. | 5 views

OpenClaw: Endpoint persists after trust decline, leaking gateway credentials

Summary Remote onboarding preserves attacker-discovered endpoint after trust decline, routing gateway credentials to it Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped onboarding trust-decline bug because the declined discovered URL survived int...

CVSS 6.9 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/04/03 3:26 a.m. | 0 views

GHSA-9F4W-67G7-MQWV OpenClaw: Endpoint persists after trust decline, leaking gateway credentials

Summary Remote onboarding preserves attacker-discovered endpoint after trust decline, routing gateway credentials to it Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped onboarding trust-decline bug because the declined discovered URL survived int...

CVSS 6.9 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 4
RedhatCVE
added 2026/01/09 8:34 a.m. | 3 views

CVE-2024-41670

In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during the capture of a payment in case of disable...

CVSS 7.5 | AI score 6.8 | EPSS 0.00293
Exploits: 0 | References: 1