268 matches found
Linux kernel double release vulnerability (CNVD-2026-16036)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a double-release vulnerability, which stems from the bsgdone function resulting in a double-release that can be exploited by an attacker to cause the...
GHSA-4JCG-JXPF-5VQ3 AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php
Summary The AVideo onpublishdone.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to mark streams as finished in the database, but performs no authentication or authorization checks before doing so. An...
Missing Authentication for Critical Function
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the onpublishdone.php process. An attacker can disrupt active live streams by sending crafted POST requests with...
CVE-2026-34731
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo onpublishdone.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to mark streams as finished in the database, but perform...
CVE-2026-34731
WWBN AVideo (open source video platform) vulnerability in the Live plugin: in versions 26.0 and earlier, the on_publish_done.php RTMP callback endpoint allows unauthenticated termination of any active live stream. An attacker can enumerate active stream keys via the unauthenticated stats.json.php...
CVE-2026-34731 AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo onpublishdone.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to mark streams as finished in the database, but perform...
PT-2026-29361
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo on publish done.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to mark streams as finished in the database, but...
CVE-2026-23400
A flaw was found in the Linux kernel's rustbinder component. A local user could potentially trigger a deadlock condition. This occurs when the setnotificationdone function is called while the proc lock is already held and the current thread is not a 'looper' a thread designed to handle specific...
EUVD-2026-16993
In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...
CVE-2026-23400
In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...
UBUNTU-CVE-2026-23400
In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...
CVE-2026-23400 rust_binder: call set_notification_done() without proc lock
In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...
CVE-2026-23400
In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...
CVE-2026-23400
Summary of CVE-2026-23400 : In the Linux kernel, the rust_binder component is affected by a deadlock risk when processing death notifications. The root cause is calling set_notification_done() while the process lock (proc lock) is still held and the current thread is not a looper, which can cause...
CVE-2026-23400 rust_binder: call set_notification_done() without proc lock
In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...
CVE-2026-23400
In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from rustbinder calling setnotificationdone when holding the proc lock, potentially leading to a...
CVE-2026-23376
A flaw was found in the Linux kernel's nvmet-fcloop component. This vulnerability occurs due to incorrect handling of resource freeing when the remote port state is not online. Specifically, the fcloopt2hxmtlsrsp routine fails to check the remoteport-portstate before calling a done callback, whic...
CVE-2026-23376
In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport portstate before calling done callback In nvmefchandlelsrqstwork, the lsrsp-done callback is only set when remoteport-portstate is FCOBJSTATEONLINE. Otherwise, the nvmefcxmtlsrsp's LLDD call to...
CVE-2026-23376
CVE-2026-23376 affects the Linux kernel nvmet-fcloop component. The vulnerability arises from not checking remoteport port_state before freeing resources in the fcloop_t2h_xmt_ls_rsp path, where lsrsp resources may be freed incorrectly if the remote port is not online. The fix updates fcloop_t2h_...