Lucene search
K

293 matches found

CVE
CVE
added 2026/04/03 3:15 p.m.23 views

CVE-2026-23438

In the Linux kernel mvpp2 driver, CVE-2026-23438 arises from an unconditional access to CM3 flow control via mvpp2_cm3_read()/mvpp2_cm3_write() in mvpp2_bm_switch_buffers(), when priv->cm3_base is NULL (e.g., CM3 SRAM not present in device tree). This can crash the kernel on MTU changes that c...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:15 p.m.5 views

CVE-2026-23438

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: guard flow control update with globaltxfc in buffer switching mvpp2bmswitchbuffers unconditionally calls mvpp2bmpoolupdateprivfc when switching between per-cpu and shared buffer pool modes. This function programs CM3...

5.8AI score0.00123EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/04/03 3:15 p.m.19 views

CVE-2026-23438 net: mvpp2: guard flow control update with global_tx_fc in buffer switching

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: guard flow control update with globaltxfc in buffer switching mvpp2bmswitchbuffers unconditionally calls mvpp2bmpoolupdateprivfc when switching between per-cpu and shared buffer pool modes. This function programs CM3...

0.00123EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.16 views

PT-2026-30133

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's networking subsystem, specifically within the mvpp2 module. The mvpp2 bm switch buffers function does not properly check for a NULL pointer in priv-cm...

9.3CVSS6.1AI score0.00197EPSS
Exploits0References440
EUVD
EUVD
added 2026/03/30 9:31 p.m.11 views

EUVD-2026-17176

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...

5.3CVSS6.5AI score0.00454EPSS
Exploits0References2
OSV
OSV
added 2026/03/30 8:16 p.m.6 views

ALPINE-CVE-2026-21714

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...

5.3CVSS5.9AI score0.00454EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/30 7:7 p.m.3 views

CVE-2026-21714

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...

5.3CVSS6.4AI score0.00454EPSS
Exploits0References1
CVE
CVE
added 2026/03/30 7:7 p.m.35 views

CVE-2026-21714

CVE-2026-21714 is a memory leak in Node.js HTTP/2 that occurs when a client sends WINDOW_UPDATE frames on stream 0, preventing proper Http2Session cleanup and potentially exhausting resources. Affected: Node.js 20, 22, 24, and 25. Connected advisories report fixes in downstream distributions: e.g...

5.3CVSS6.5AI score0.00454EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/03/30 7:7 p.m.3 views

CVE-2026-21714

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...

5.3CVSS6.5AI score0.00454EPSS
Exploits0
Snyk
Snyk
added 2026/03/26 7:34 a.m.7 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in HTTP/2 servers that triggers when a client sends WINDOWUPDATE frames on stream 0 that cause the flow control window to exceed $2^31-1$. Although the server responds with a GOAWAY...

6.9CVSS6.3AI score0.00454EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/04 12:29 a.m.6 views

SUSE CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

7.5CVSS5.8AI score0.00413EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/13 7:18 p.m.7 views

CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

7.5CVSS5.6AI score0.00413EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/12 6:22 p.m.6 views

CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

5.3CVSS5.6AI score0.00413EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/12 6:22 p.m.5 views

CVE-2026-21435 webtransport-go CloseWithError can block indefinitely

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

5.3CVSS5.6AI score0.00413EPSS
Exploits0References2
OSV
OSV
added 2026/02/12 6:22 p.m.9 views

CVE-2026-21435 webtransport-go CloseWithError can block indefinitely

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

5.3CVSS5.7AI score0.00413EPSS
Exploits0References4
CVE
CVE
added 2026/02/12 6:22 p.m.17 views

CVE-2026-21435

Technical details for CVE-2026-21435 are not publicly available in the provided connected documents. Monitor for updates.

7.5CVSS5.6AI score0.00413EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/02/12 3:29 p.m.5 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the CloseWithError function. An attacker can cause the process to hang indefinitely by withholding QUIC flow control credit on the CONNECT stream, which prevents the transmission of the...

7.5CVSS5.6AI score0.00413EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/12 3:29 p.m.12 views

webtransport-go: CloseWithError can block indefinitely

Summary An attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream, blocking transmission of the WTCLOSESESSION capsule and causing the close operati...

7.5CVSS5.7AI score0.00413EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.9 views

PT-2026-7869

Name of the Vulnerable Software and Affected Versions webtransport-go versions prior to 0.10.0 Description A malicious peer can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. Specifically, a peer can withhold QUIC flow control...

9.9CVSS5.9AI score0.27661EPSS
Exploits45References118
Packet Storm News
Packet Storm News
added 2026/02/11 12:0 a.m.5 views

Optimizing Agent Planning for Security and Autonomy

Indirect prompt injection attacks threaten AI agents that execute consequential actions, motivating deterministic system-level defenses. Such defenses can provably block unsafe actions by enforcing confidentiality and integrity policies, but currently appear costly: they reduce task completion...

5.6AI score
Exploits0
Rows per page
Query Builder