Lucene search
K

268 matches found

CNVD
CNVD
added 2026/04/02 12:0 a.m.2 views

Linux kernel double release vulnerability (CNVD-2026-16036)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a double-release vulnerability, which stems from the bsgdone function resulting in a double-release that can be exploited by an attacker to cause the...

7.8CVSS5.9AI score0.00194EPSS
Exploits0
OSV
OSV
added 2026/04/01 9:4 p.m.10 views

GHSA-4JCG-JXPF-5VQ3 AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php

Summary The AVideo onpublishdone.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to mark streams as finished in the database, but performs no authentication or authorization checks before doing so. An...

7.5CVSS5.9AI score0.00479EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/01 9:4 p.m.5 views

Missing Authentication for Critical Function

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the onpublishdone.php process. An attacker can disrupt active live streams by sending crafted POST requests with...

8.7CVSS5.8AI score0.00479EPSS
Exploits1References2
NVD
NVD
added 2026/03/31 9:16 p.m.9 views

CVE-2026-34731

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo onpublishdone.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to mark streams as finished in the database, but perform...

7.5CVSS0.00479EPSS
Exploits1References1
CVE
CVE
added 2026/03/31 8:50 p.m.28 views

CVE-2026-34731

WWBN AVideo (open source video platform) vulnerability in the Live plugin: in versions 26.0 and earlier, the on_publish_done.php RTMP callback endpoint allows unauthenticated termination of any active live stream. An attacker can enumerate active stream keys via the unauthenticated stats.json.php...

7.5CVSS6AI score0.00479EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 8:50 p.m.1 views

CVE-2026-34731 AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo onpublishdone.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to mark streams as finished in the database, but perform...

7.5CVSS6AI score0.00479EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29361

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo on publish done.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to mark streams as finished in the database, but...

7.5CVSS6AI score0.00479EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/29 4:55 p.m.4 views

CVE-2026-23400

A flaw was found in the Linux kernel's rustbinder component. A local user could potentially trigger a deadlock condition. This occurs when the setnotificationdone function is called while the proc lock is already held and the current thread is not a 'looper' a thread designed to handle specific...

5.8AI score0.0009EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/29 3:30 p.m.5 views

EUVD-2026-16993

In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...

5.8AI score0.0009EPSS
Exploits0References4
NVD
NVD
added 2026/03/29 1:16 p.m.5 views

CVE-2026-23400

In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...

5.5CVSS0.0009EPSS
Exploits0References3
OSV
OSV
added 2026/03/29 1:16 p.m.6 views

UBUNTU-CVE-2026-23400

In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...

5.5CVSS5.8AI score0.0009EPSS
Exploits0References3
OSV
OSV
added 2026/03/29 12:55 p.m.4 views

CVE-2026-23400 rust_binder: call set_notification_done() without proc lock

In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...

5.5CVSS5.8AI score0.0009EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/29 12:55 p.m.2 views

CVE-2026-23400

In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...

5.8AI score0.0009EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/29 12:55 p.m.26 views

CVE-2026-23400

Summary of CVE-2026-23400 : In the Linux kernel, the rust_binder component is affected by a deadlock risk when processing death notifications. The root cause is calling set_notification_done() while the process lock (proc lock) is still held and the current thread is not a looper, which can cause...

5.5CVSS5.8AI score0.0009EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/29 12:55 p.m.29 views

CVE-2026-23400 rust_binder: call set_notification_done() without proc lock

In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...

0.0009EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/03/29 12:55 p.m.4 views

CVE-2026-23400

In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...

5.5CVSS5.4AI score0.0009EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/29 12:0 a.m.6 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from rustbinder calling setnotificationdone when holding the proc lock, potentially leading to a...

5.5CVSS5.8AI score0.0009EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/25 12:20 p.m.4 views

CVE-2026-23376

A flaw was found in the Linux kernel's nvmet-fcloop component. This vulnerability occurs due to incorrect handling of resource freeing when the remote port state is not online. Specifically, the fcloopt2hxmtlsrsp routine fails to check the remoteport-portstate before calling a done callback, whic...

3.3CVSS5.8AI score0.00117EPSS
Exploits0References4
NVD
NVD
added 2026/03/25 11:16 a.m.8 views

CVE-2026-23376

In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport portstate before calling done callback In nvmefchandlelsrqstwork, the lsrsp-done callback is only set when remoteport-portstate is FCOBJSTATEONLINE. Otherwise, the nvmefcxmtlsrsp's LLDD call to...

5.5CVSS0.00117EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 10:27 a.m.20 views

CVE-2026-23376

CVE-2026-23376 affects the Linux kernel nvmet-fcloop component. The vulnerability arises from not checking remoteport port_state before freeing resources in the fcloop_t2h_xmt_ls_rsp path, where lsrsp resources may be freed incorrectly if the remote port is not online. The fix updates fcloop_t2h_...

5.5CVSS5.7AI score0.00117EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder