7 matches found
CVE-2026-45257
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous MEXTPG pages or...
EUVD-2026-39780
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous MEXTPG pages or...
CVE-2026-45257
CVE-2026-45257 : FreeBSD KTLS receive path decrypts in place, enabling an unprivileged local user to overwrite a file’s page cache via sendfile(2) data over a loopback connection when KTLS receive is enabled. This can corrupt the backing file and allow privilege escalation by overwriting setuid/t...
FreeBSD : FreeBSD -- Arbitrary file overwrite via the KTLS receive path (f2c4892a-6472-11f1-958d-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f2c4892a-6472-11f1-958d-bc241121aa0a advisory. The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data wer...
EEF-CVE-2026-47076 SSRF allowlist bypass via percent-encoded host in hackney
Summary Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the...
EUVD-2006-5381
Malware in sbrugna...
CVE-2006-5396
The tcpfusercvdrain function in the Sun Solaris 10 kernel before 20061017, when TCP Fusion is enabled, allows local users to cause a denial of service system crash via a TCP loopback connection with both endpoints on the same system...