CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

EUVD•added 2026/05/08 3:31 p.m.•4 views

EUVD-2026-28762

In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bondsetupbyslave kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP: 0010:pskbexpandhead+0xa08/0xfe0 net/core/skbuff.c:2306 RSP: 0018:ffffc90004aff760 EFLAGS:...

5.8AI score0.00013EPSS

Exploits0References5

OSV•added 2026/05/08 3:16 p.m.•2 views

UBUNTU-CVE-2026-43456

7.8CVSS5.7AI score0.00013EPSS

Exploits0References7

UbuntuCve•added 2026/05/08 3:16 p.m.•1 views

CVE-2026-43456

7.8CVSS5.7AI score0.00013EPSS

Exploits0References6

ATTACKERKB•added 2026/05/08 2:22 p.m.•2 views

CVE-2026-43456

5.7AI score0.00013EPSS

Exploits0References5Affected Software1

CVE•added 2026/05/08 2:22 p.m.•3 views

CVE-2026-43456

CVE-2026-43456 affects the Linux kernel bonding driver. When a non-Ethernet device (e.g., GRE tunnel) is enslaved to a bond, bond_setup_by_slave() copies the slave’s header_ops to the bond device, causing a type confusion in header callbacks (e.g., ipgre_header) that use netdev_priv(dev). The res...

7.8CVSS5.8AI score0.00013EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/05/08 12:0 a.m.•5 views

PT-2026-39117

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A type confusion exists in the bonding driver within the bond setup by slave function. When a non-Ethernet device, such as a GRE tunnel, is enslaved to a bond, the driver directly copies...

7.8CVSS5.8AI score0.00013EPSS

Exploits0References8

EUVD•added 2026/04/22 3:31 p.m.•1 views

EUVD-2026-24879

In the Linux kernel, the following vulnerability has been resolved: team: fix headerops type confusion with non-Ethernet ports Similar to commit 950803f72547 "bonding: fix type confusion in bondsetupbyslave" team has the same class of headerops type confusion. For non-Ethernet ports,...

5.6AI score0.00015EPSS

Exploits0References5

NVD•added 2026/04/22 2:16 p.m.•0 views

CVE-2026-31502

7.8CVSS0.00015EPSS

Exploits0References4

CVE•added 2026/04/22 1:54 p.m.•5 views

CVE-2026-31502

CVE-2026-31502 : The connected sources detail a Linux kernel vulnerability involving a type confusion in the team network device’s header_ops for non-Ethernet ports. The root cause is that team_setup_by_port() can copy port_dev->header_ops and later callbacks (dev_hard_header/dev_parse_header)...

7.8CVSS5.6AI score0.00015EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/04/22 1:54 p.m.•26 views

CVE-2026-31502 team: fix header_ops type confusion with non-Ethernet ports

7.8CVSS0.00015EPSS

Exploits0References4

OSV•added 2025/12/23 2:16 p.m.•2 views

AZL-78404 CVE-2025-68340 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: team: Move team device type change at the end of teamportadd Attempting to add a port device that is already up will expectedly fail, but not before modifying the team device headerops. In the case of the syzbot reproducer the gr...

5.5CVSS5.6AI score0.0003EPSS

Exploits0References1

OSV•added 2025/12/23 2:16 p.m.•1 views

UBUNTU-CVE-2025-68340

5.5CVSS5.7AI score0.0003EPSS

Exploits0References35

CVE•added 2025/12/23 1:58 p.m.•16 views

CVE-2025-68340

CVE-2025-68340 (Linux kernel): A race/logic sequencing issue in the team device code can hang when adding a port device (e.g., gre0) configured as UP. Root cause: moving team_dev_type_check_change to after subsequent checks caused header_ops to switch from eth_header to ipgre_header mid-execution...

5.5CVSS6.2AI score0.0003EPSS

Exploits0References6Affected Software1

OSV•added 2025/12/23 1:58 p.m.•3 views

CVE-2025-68340 team: Move team device type change at the end of team_port_add

5.5CVSS6.5AI score0.0003EPSS

Exploits0References9

Cvelist•added 2025/12/23 1:58 p.m.•21 views

CVE-2025-68340 team: Move team device type change at the end of team_port_add

0.0003EPSS

Exploits0References6

UbuntuCve•added 2025/12/23 12:0 a.m.•2 views

CVE-2025-68340

5.5CVSS5.9AI score0.0003EPSS

Exploits0References34

RedhatCVE•added 2024/09/20 5:16 a.m.•18 views

CVE-2024-45809

A flaw was found in Envoy. JWT filter will lead to a crash in Envoy when clearing the route cache with remote JWKs in the following cases: 1. Remote JWKs are used, which requires async header processing 2. clearroutecache is enabled on the provider 3. Header operations are enabled in JWT filter,...

7.5CVSS7AI score0.00129EPSS

Exploits0References4

Cvelist•added 2024/09/19 11:34 p.m.•29 views

CVE-2024-45809 Jwt filter crash in the clear route cache with remote JWKs in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clearroutecache is enabled on the provider; 3. header...

5.3CVSS0.00129EPSS

Exploits0References1

OSV•added 2024/03/02 10:15 p.m.•1 views

DEBIAN-CVE-2023-52574

In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer 1. BUG: kernel NULL pointer dereference, address: 0000000000000228 ... RIP: 0010:vlandevhardheader+0x35/0x140 8021q...

5.5CVSS5.3AI score0.00006EPSS

Exploits0References1

OSV•added 2024/03/02 10:15 p.m.•2 views

UBUNTU-CVE-2023-52574

5.5CVSS6AI score0.00006EPSS

Exploits0References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by