
21 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: pm: in-kernel: always sets ID as available when rm endp is called. Syzkaller managed to identify a combination of actions that caused this warning to occur: WARNING: net/mptcp/pmkernel.c:1074 at marksubflowendpavailable...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00095
Exploits: 0, References: 1
Positive Technologies
added 2026/05/13 12:0 a.m., 14 views

PT-2026-40722

Name of the Vulnerable Software and Affected Versions Goobi viewer versions 4.8.0 through 26.04.0 Description The REST endpoint "POST /api/v1/index/stream" accepts arbitrary Solr streaming expressions from unauthenticated network clients and forwards them to the backend Solr server without...

CVSS: 9.8, AI score: 5.9, EPSS: 0.0041
Exploits: 0, References: 9
SUSE CVE
added 2026/05/07 2:16 a.m., 16 views

SUSE CVE-2026-43252

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always set ID as avail when rm endp Syzkaller managed to find a combination of actions that was generating this warning: WARNING: net/mptcp/pmkernel.c:1074 at marksubflowendpavailable net/mptcp/pmkernel.c:10...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00095
Exploits: 0, References: 13
EUVD
added 2026/05/06 12:30 p.m., 5 views

EUVD-2026-27811

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always set ID as avail when rm endp Syzkaller managed to find a combination of actions that was generating this warning: WARNING: net/mptcp/pmkernel.c:1074 at marksubflowendpavailable net/mptcp/pmkernel.c:10...

AI score: 5.8, EPSS: 0.00095
Exploits: 0, References: 7
CVE
added 2026/05/06 11:28 a.m., 18 views

CVE-2026-43252

CVE-2026-43252 concerns the Linux kernel MPTCP subsystem (Multiswitch TCP). The issue arises in the in-kernel MPTCP path for removing endpoints, where code path __mark_subflow_endp_available/mptcp_pm_nl_fullmesh/mptcp_pm_nl_set_flags_all/mptcp_pm_nl_set_flags can trigger a kernel warning when a s...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00095
Exploits: 0, References: 6, Affected Software: 1
Debian CVE
added 2026/05/06 11:28 a.m., 6 views

CVE-2026-43252

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always set ID as avail when rm endp Syzkaller managed to find a combination of actions that was generating this warning: WARNING: net/mptcp/pmkernel.c:1074 at marksubflowendpavailable net/mptcp/pmkernel.c:10...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00095
Exploits: 0
Cvelist
added 2026/05/06 11:28 a.m., 31 views

CVE-2026-43252 mptcp: pm: in-kernel: always set ID as avail when rm endp

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always set ID as avail when rm endp Syzkaller managed to find a combination of actions that was generating this warning: WARNING: net/mptcp/pmkernel.c:1074 at marksubflowendpavailable net/mptcp/pmkernel.c:10...

EPSS: 0.00095
Exploits: 0, References: 6
Positive Technologies
added 2026/05/06 12:0 a.m., 9 views

PT-2026-37592

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Multipath TCP MPTCP path manager where the kernel fails to consistently set the ID as available when removing an endpoint. This can be triggered by specific...

CVSS: 7.8, AI score: 6.2, EPSS: 0.00126
Exploits: 0, References: 275
NVD
added 2026/01/25 3:15 p.m., 6 views

CVE-2026-23009

In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrectly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during suspend/wake-u...

CVSS: 5.5, EPSS: 0.00135
Exploits: 0, References: 2
UbuntuCve
added 2026/01/25 3:15 p.m., 5 views

CVE-2026-23009

In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrectly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during suspend/wake-u...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00135
Exploits: 0, References: 4
EUVD
added 2026/01/25 2:36 p.m., 4 views

EUVD-2026-4619

In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrectly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during suspend/wake-u...

AI score: 5.2, EPSS: 0.00135
Exploits: 0, References: 3
Cvelist
added 2026/01/25 2:36 p.m., 36 views

CVE-2026-23009 xhci: sideband: don't dereference freed ring when removing sideband endpoint

In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrectly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during suspend/wake-u...

EPSS: 0.00135
Exploits: 0, References: 2
CVE
added 2026/01/25 2:36 p.m., 13 views

CVE-2026-23009

CVE-2026-23009 is a Linux kernel vulnerability in the xHCI sideband code where xhci_sideband_remove_endpoint() could dereference a non-existent transfer ring (ep->ring) during suspend/resume or re-enumeration, risking a crash. The fix adds a guard to only dereference ep->ring if it exists a...

CVSS: 5.5, AI score: 5.2, EPSS: 0.00135
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/01/25 12:0 a.m., 5 views

PT-2026-4671

In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrectly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during...

AI score: 5.2, EPSS: 0.00135
Exploits: 0, References: 3
Tenable Nessus
added 2025/08/26 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-29622

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless...

CVSS: 6.5, AI score: 6.6, EPSS: 0.1956
Exploits: 0, References: 2
CVE
added 2025/05/16 2:9 p.m., 53 views

CVE-2025-47791

The vulnerability CVE-2025-47791 affects Nextcloud Server (self-hosted) and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3. The issue is an improperly protected, currently unused endpoint used to verify a share recipient, which could proxy requests to another server. Affected v...

CVSS: 5.3, AI score: 4.5, EPSS: 0.00314
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2024/09/11 4:15 p.m., 6 views

AZL-49182 CVE-2024-45010 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARNONONCEmsk-pm.localaddrused == 0 ... before decrementing the localaddrused counter helped to find a bug when running the "remove single address"...

CVSS: 5.5, AI score: 6.4, EPSS: 0.0022
Exploits: 0, References: 1
UbuntuCve
added 2024/05/21 4:15 p.m., 24 views

CVE-2023-52771

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix deleteendpoint vs parent unregistration race The CXL subsystem, at cxlmem -probe time, establishes a lineage of ports struct cxlport objects between an endpoint and the root of a CXL topology. Each port including th...

CVSS: 4.7, AI score: 6, EPSS: 0.00182
Exploits: 0, References: 5
SUSE CVE
added 2023/02/15 3:42 a.m., 5 views

SUSE CVE-2021-29622

Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirec...

CVSS: 6.1, AI score: 6.8, EPSS: 0.1956
Exploits: 0, References: 11
Cvelist
added 2019/01/23 3:0 p.m., 19 views

CVE-2019-3584 Exploitation of Authentication vulnerability

Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 18.11.31.62 allows authenticated administrator users -- administrators to Remove MVision Endpoint via unspecified vectors...

CVSS: 7.4, AI score: 7.2, EPSS: 0.00335
Exploits: 0, References: 2