SUSE CVE-2026-45835

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsocknewconnectioncb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

CVE-2026-45835

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsocknewconnectioncb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

CVE-2026-45835

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsocknewconnectioncb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

CVE-2026-45835

In the Linux kernel, the Bluetooth L2CAP subsystem was vulnerable to a null-pointer dereference in l2cap_sock_new_connection_cb(). The issue was mitigated by adding the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_sock_ready_cb(), aligning the code with existing guards. Aff...

PT-2026-43303

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null pointer dereference occurs in the Bluetooth L2CAP component within the l2cap sock new connection cb function. A null pointer dereference is a runtime error that happens when a...

smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()

...

CVE-2026-23228

The CVE-2026-23228 issue is in the Linux kernel smb server (ksmbd) where, on ksmbd_tcp_new_connection() failure, free_transport() did not decrement active_num_conn, leaking the counter. This occurs in the kthread_run() path during transport cleanup. The documented fix replaces free_transport() wi...

CVE-2026-23228

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of activenumconn in ksmbdtcpnewconnection On kthreadrun failure in ksmbdtcpnewconnection, the transport is freed via freetransport, which does not decrement activenumconn, leaking this counter. Replace...

EUVD-2025-8249

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-22189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of...

Linux Distros Unpatched Vulnerability : CVE-2024-26592

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbdtcpnewconnection The race is between the handling of a new TCP...

RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()

...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevention of use-after-free in erdmaacceptnewconn After the erdmacepputnewcep function is called, newcep will be freed. The subsequent dereferencing of newcep may lead to a Use-After-Free UAF issue. This issue has be...

SUSE CVE-2022-49138

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Ignore multiple conn complete events When one of the three connection complete events is received multiple times for the same handle, the device is registered multiple times which leads to memory corruptions...

UBUNTU-CVE-2022-49138

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Ignore multiple conn complete events When one of the three connection complete events is received multiple times for the same handle, the device is registered multiple times which leads to memory corruptions...

CVE-2024-12343

A vulnerability classified as critical has been found in TP-Link VN020 F3vT TTV6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be...

TP-LINK VN020 安全漏洞

The TP-LINK VN020 is a wireless modem from China P&L TP-LINK. A security vulnerability exists in TP-Link VN020 F3vT TTV6.2.1021 version, which originates from a buffer overflow in the parameter NewConnectionType in the component SOAP request handler. An attacker can exploit this vulnerability to...

quic-go: memory exhaustion attack against QUIC's connection ID mechanism

A flaw was found in quic-go. This issue may allow an attacker to trigger a denial of service by sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a RETIRECONNECTIONID frame, but the attacker can preve...

CVE-2023-6964

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadenceimportgetnewconnectiondata' AJAX action. This makes it possible for authenticated attackers, with...

SUSE CVE-2024-22189

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...