23 matches found

NVD
added 2026/06/15 4:16 p.m. · 9 views

CVE-2026-10634

Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcp_lock while invoking the per-connection callback and re-acquired...

CVSS 5.3 · EPSS 0.00274
Exploits 1 · References 2

SUSE CVE
added 2026/05/13 3:34 a.m. · 9 views

SUSE CVE-2026-43384

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

CVSS 9.8 · AI score 5.7 · EPSS 0.00457
Exploits 0 · References 3

Tenable Nessus
added 2026/05/13 12:0 a.m. · 12 views

Linux Distros Unpatched Vulnerability : CVE-2026-43384

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for...

CVSS 9.8 · AI score 7.2 · EPSS 0.00457
Exploits 0 · References 2

SUSE CVE
added 2026/05/11 2:13 p.m. · 9 views

SUSE CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

CVSS 9.4 · AI score 5.7 · EPSS 0.00443
Exploits 0 · References 3

OSV
added 2026/05/08 3:16 p.m. · 10 views

UBUNTU-CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

CVSS 9.4 · AI score 5.7 · EPSS 0.00443
Exploits 0 · References 20

OSV
added 2026/05/08 3:16 p.m. · 7 views

UBUNTU-CVE-2026-43384

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

CVSS 9.8 · AI score 5.7 · EPSS 0.00457
Exploits 0 · References 14

CVE
added 2026/05/08 2:21 p.m. · 21 views

CVE-2026-43384

The CVE-2026-43384 issue concerns the Linux kernel TCP Authentication Option (TCP-AO) where MACs were compared without constant-time handling. The connected documents confirm a fix was applied to make MAC comparisons constant-time, mitigating timing-attack leakage of sensitive information. The vu...

CVSS 9.8 · AI score 5.7 · EPSS 0.00457
Exploits 0 · References 4 · Affected Software 1

ATTACKERKB
added 2026/05/08 2:21 p.m. · 7 views

CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

CVSS 9.4 · AI score 5.7 · EPSS 0.00443
Exploits 0 · References 9 · Affected Software 1

Amazon
added 2024/10/02 12:0 a.m. · 6 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (CVE-2024-38577) In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name (CVE-2024-39494) In the...

CVSS 7.8 · AI score 7.2 · EPSS 0.00306
Exploits 0

UbuntuCve
added 2024/08/26 11:15 a.m. · 17 views

CVE-2024-43887

In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period The lifetime of TCP-AO static_key is the same as the last tcp_ao_info. On the socket destruction tcp_ao_info ceases to be with RCU grace period, while tcp-ao static branch is...

CVSS 4.7 · AI score 6.4 · EPSS 0.00189
Exploits 0 · References 9

Positive Technologies
added 2024/03/15 12:0 a.m. · 9 views

PT-2024-22368 · Corewcf · Corewcf

Name of the Vulnerable Software and Affected Versions: CoreWCF versions prior to 1.4.2 CoreWCF versions prior to 1.5.2 Description: The issue affects NetFraming based CoreWCF services, where extra system resources could be consumed by connections being left established instead of closing or...

CVSS 7.5 · AI score 7.1 · EPSS 0.00579
Exploits 0 · References 9

Prion
added 2023/10/10 5:15 p.m. · 20 views

Code injection

In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random...

CVSS 6.4 · AI score 9.2 · EPSS 0.00871
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/01/01 12:0 a.m. · 11 views

ASB-A-207646336

In Modem TCP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure or denial of service with no additional execution privileges needed. User interaction is not needed for...

CVSS 9.1 · AI score 7.2 · EPSS 0.0215
Exploits 0 · References 1

OSV
added 2022/01/01 12:0 a.m. · 12 views

ASB-A-207693368

In Modem UDP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure or denial of service with no additional execution privileges needed. User interaction is not needed for...

CVSS 9.1 · AI score 7.2 · EPSS 0.01578
Exploits 0 · References 1

Tenable Nessus
added 2021/05/14 12:0 a.m. · 15 views

Nut/Net TCP/IP Stack - HTTP Detection

Binary data nutnettcpipstackhttpdetect.nbin...

AI score 7.3
Exploits 0 · References 1

OSV
added 2019/02/18 7:29 p.m. · 4 views

CVE-2019-8917

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method ma...

CVSS 9.8 · AI score 7.9 · EPSS 0.36448
Exploits 0 · References 2

Veracode
added 2019/01/15 9:3 a.m. · 25 views

Information Disclosure

openshift is vulnerable to information disclosure attacks. The vulnerability exists as Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp...

CVSS 2.1 · AI score 5.4 · EPSS 0.00378
Exploits 0 · References 36 · Affected Software 113

RedHat Linux
added 2014/11/25 6:19 p.m. · 4 views

OpenShift: /proc/net/tcp information disclosure

It was found that OpenShift Enterprise did not restrict access to the /proc/net/tcp file in gears, which allowed local users to view all listening connections and connected sockets. This could result in remote system's IP or port numbers in use to be exposed, which may be useful for further...

CVSS 2.1 · AI score 5.7 · EPSS 0.00378
Exploits 0 · References 4

RedHat Linux
added 2014/11/25 6:19 p.m. · 28 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.1.9 security, bug fix, and enhancement update

Red Hat OpenShift Enterprise release 2.1.9, which fixes two security issues and several bugs and adds one enhancement, is now available. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severi...

CVSS 7.5 · AI score 5.7 · EPSS 0.02019
Exploits 0 · References 10

Cvelist
added 2014/11/13 3:0 p.m. · 35 views

CVE-2014-3602

Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp...

AI score 6.1 · EPSS 0.00378
Exploits 0 · References 2