157 matches found
Oxia affected by server crash via race condition in session heartbeat handling
Summary A race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timing with concurrent close calls, this can lead to either a...
SUSE CVE-2026-31406
In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...
CVE-2026-31406
A flaw was found in the Linux kernel, specifically within its xfrm IP eXtensible FRamework component. This vulnerability arises from a race condition during network cleanup, where a scheduled task natkeepalivework can be re-activated and attempt to operate on memory that has already been freed...
EUVD-2026-19198
In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...
CVE-2026-31406
In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...
UBUNTU-CVE-2026-31406
In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...
CVE-2026-31406
In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...
CVE-2026-31406 xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini()
In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...
CVE-2026-31406
In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...
CVE-2026-31406
The CVE-2026-31406 issue is a race in the Linux kernel xfrm path during network cleanup. After cancel_delayed_work_sync() is invoked from xfrm_nat_keepalive_net_fini(), xfrm_state_fini() flushes states and __xfrm_state_delete() calls xfrm_nat_keepalive_state_updated(), which can re-schedule nat_k...
PT-2026-30574
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the xfrm subsystem related to the handling of delayed work cancellation in xfrm nat keepalive net fini. Specifically, the use of cancel delayed wo...
CVE-2026-31406
In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...
Linux Distros Unpatched Vulnerability : CVE-2026-31406
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes...
SUSE CVE-2026-33203
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...
GO-2026-4752 SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass in github.com/siyuan-note/siyuan/kernel
SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass in github.com/siyuan-note/siyuan/kernel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...
CVE-2026-33203
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...
CVE-2026-33203
CVE-2026-33203 affects SiYuan prior to 3.6.2. The SiYuan kernel WebSocket server accepts unauthenticated connections when an explicit auth keepalive parameter is present. After connection, messages are parsed with unchecked type assertions on attacker-controlled JSON, allowing a remote attacker t...
CVE-2026-33203 SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...
CVE-2026-33203
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...
CVE-2026-33203 SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...