Lucene search
K

157 matches found

Github Security Blog
Github Security Blog
added 2026/04/14 11:15 p.m.8 views

Oxia affected by server crash via race condition in session heartbeat handling

Summary A race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timing with concurrent close calls, this can lead to either a...

8.7CVSS6AI score0.00202EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/06 11:25 p.m.7 views

SUSE CVE-2026-31406

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...

7CVSS5.7AI score0.00159EPSS
Exploits0References40
RedhatCVE
RedhatCVE
added 2026/04/06 11:52 a.m.4 views

CVE-2026-31406

A flaw was found in the Linux kernel, specifically within its xfrm IP eXtensible FRamework component. This vulnerability arises from a race condition during network cleanup, where a scheduled task natkeepalivework can be re-activated and attempt to operate on memory that has already been freed...

7.8CVSS5.9AI score0.00159EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/06 9:31 a.m.3 views

EUVD-2026-19198

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...

5.7AI score0.00159EPSS
Exploits0References5
NVD
NVD
added 2026/04/06 8:16 a.m.3 views

CVE-2026-31406

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...

7.8CVSS0.00159EPSS
Exploits0References4
OSV
OSV
added 2026/04/06 8:16 a.m.11 views

UBUNTU-CVE-2026-31406

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...

7.8CVSS5.7AI score0.00159EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/04/06 7:38 a.m.2 views

CVE-2026-31406

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...

7.8CVSS5.2AI score0.00159EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/06 7:38 a.m.33 views

CVE-2026-31406 xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini()

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...

7.8CVSS0.00159EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:38 a.m.5 views

CVE-2026-31406

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...

5.7AI score0.00159EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/06 7:38 a.m.23 views

CVE-2026-31406

The CVE-2026-31406 issue is a race in the Linux kernel xfrm path during network cleanup. After cancel_delayed_work_sync() is invoked from xfrm_nat_keepalive_net_fini(), xfrm_state_fini() flushes states and __xfrm_state_delete() calls xfrm_nat_keepalive_state_updated(), which can re-schedule nat_k...

7.8CVSS5.7AI score0.00159EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.4 views

PT-2026-30574

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the xfrm subsystem related to the handling of delayed work cancellation in xfrm nat keepalive net fini. Specifically, the use of cancel delayed wo...

7.8CVSS5.7AI score0.00159EPSS
Exploits0References34
UbuntuCve
UbuntuCve
added 2026/04/06 12:0 a.m.5 views

CVE-2026-31406

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...

7.8CVSS5.7AI score0.00159EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/06 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-31406

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes...

7.8CVSS6.3AI score0.00159EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.5 views

SUSE CVE-2026-33203

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...

7.5CVSS5.9AI score0.00497EPSS
Exploits1References3
OSV
OSV
added 2026/03/23 6:14 p.m.4 views

GO-2026-4752 SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass in github.com/siyuan-note/siyuan/kernel

SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass in github.com/siyuan-note/siyuan/kernel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...

7.5CVSS5.8AI score0.00497EPSS
Exploits1References1
NVD
NVD
added 2026/03/20 11:16 p.m.10 views

CVE-2026-33203

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...

7.5CVSS0.00497EPSS
Exploits1References1
CVE
CVE
added 2026/03/20 10:32 p.m.28 views

CVE-2026-33203

CVE-2026-33203 affects SiYuan prior to 3.6.2. The SiYuan kernel WebSocket server accepts unauthenticated connections when an explicit auth keepalive parameter is present. After connection, messages are parsed with unchecked type assertions on attacker-controlled JSON, allowing a remote attacker t...

7.5CVSS5.9AI score0.00497EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 10:32 p.m.3 views

CVE-2026-33203 SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...

7.5CVSS5.9AI score0.00497EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 10:32 p.m.2 views

CVE-2026-33203

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...

7.5CVSS5.9AI score0.00497EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/20 10:32 p.m.6 views

CVE-2026-33203 SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...

7.5CVSS6.4AI score0.00497EPSS
Exploits1References3
Rows per page
Query Builder