25 matches found
GHSA-P86G-XRR2-PF7C CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake
Impact An unauthenticated remote attacker can pin one server thread‑pool worker at 100 % CPU per connection. With a few connections, the CPU usage can be exhausted. Preconditions An attacker being able to reach a service which is exposing an endpoint using one of NetTcpBinding, NetNamedPipeBindin...
PT-2026-51069
Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description An unauthenticated remote attacker can trigger premature EOF End of File handling during the framing handshake of the net.tcp, net.pipe, or net.uds components. This...
CVE-2026-10634
Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...
SUSE CVE-2026-43384
In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
Linux Distros Unpatched Vulnerability : CVE-2026-43384
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to b...
SUSE CVE-2026-43383
In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
UBUNTU-CVE-2026-43383
In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
UBUNTU-CVE-2026-43384
In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
CVE-2026-43384
The CVE-2026-43384 issue concerns the Linux kernel TCP Authentication Option (TCP-AO) where MACs were compared without constant-time handling. The connected documents confirm a fix was applied to make MAC comparisons constant-time, mitigating timing-attack leakage of sensitive information. The vu...
CVE-2026-43383
In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix showrcutaskstracegpkthread buffer overflow CVE-2024-38577 In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name CVE-2024-39494 In the...
CVE-2024-43887
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period The lifetime of TCP-AO statickey is the same as the last tcpaoinfo. On the socket destruction tcpaoinfo ceases to be with RCU grace period, while tcp-ao static branch is...
PT-2024-22368 · Corewcf · Corewcf
Name of the Vulnerable Software and Affected Versions: CoreWCF versions prior to 1.4.2 CoreWCF versions prior to 1.5.2 Description: The issue affects NetFraming based CoreWCF services, where extra system resources could be consumed by connections being left established instead of closing or...
Code injection
In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random...
ASB-A-207693368
In Modem UDP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure or denial of service with no additional execution privileges needed. User interaction is not needed for...
ASB-A-207646336
In Modem TCP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure or denial of service with no additional execution privileges needed. User interaction is not needed for...
Nut/Net TCP/IP Stack - HTTP Detection
Binary data nutnettcpipstackhttpdetect.nbin...
CVE-2019-8917
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method ma...
Information Disclosure
openshift is vulnerable to information disclosure attacks. The vulnerability exists as Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.1.9 security, bug fix, and enhancement update
Red Hat OpenShift Enterprise release 2.1.9, which fixes two security issues, several bugs, and add one enhancement, is now available. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...