Lucene search
K

158 matches found

NVD
NVD
added 2026/06/30 5:16 p.m.8 views

CVE-2026-58172

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...

9.3CVSS0.00412EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 3:54 p.m.25 views

CVE-2026-58172

CVE-2026-58172 affects Ocelot up to version 24.1.0. A security control bypass allows denied clients to bypass IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen omits SecurityMiddleware, causing requests from blocked IP...

9.3CVSS5.8AI score0.00412EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/30 3:54 p.m.6 views

CVE-2026-58172 Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...

9.3CVSS5.8AI score0.00412EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/30 3:54 p.m.6 views

EUVD-2026-40353

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...

9.3CVSS5.8AI score0.00412EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 3:54 p.m.2 views

CVE-2026-58172 Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...

9.3CVSS5.9AI score0.00412EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/30 3:54 p.m.36 views

CVE-2026-58172 Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...

9.3CVSS0.00412EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53923

Name of the Vulnerable Software and Affected Versions Ocelot versions prior to 24.1.1 Description A security control bypass exists in the handling of WebSocket upgrade requests. The issue stems from a logic flaw in the OcelotPipelineExtensions.cs file, where a MapWhen branch configured for...

9.3CVSS6AI score0.00412EPSS
Exploits0References9
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fixed a crash that occurred when adding an interface under a latency condition. The commit 15faa1f67ab4 “lan966x: Fixed a crash that occurred when adding an interface under a latency condition” fixed a similar...

5.5CVSS5.9AI score0.00121EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: net: mscc: ocelot: added missing lock protection in ocelotportxmitinj The ocelotportxmitinj function calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain...

5.5CVSS5.8AI score0.00136EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-45849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the...

5.5CVSS6.2AI score0.00136EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/28 5:3 a.m.11 views

CVE-2026-45849

A flaw was found in the Linux kernel's network component, specifically within the mscc: ocelot driver. The system failed to properly secure access to shared resources during network packet injection, leading to a missing lock protection vulnerability. This oversight could allow a local attacker t...

5.5CVSS5.8AI score0.00136EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.16 views

SUSE CVE-2026-45849

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

5.8AI score0.00136EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 3:33 p.m.12 views

EUVD-2026-32315

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

5.8AI score0.00136EPSS
Exploits0References7
NVD
NVD
added 2026/05/27 2:16 p.m.11 views

CVE-2026-45849

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

5.5CVSS0.00136EPSS
Exploits0References6
OSV
OSV
added 2026/05/27 2:16 p.m.9 views

UBUNTU-CVE-2026-45849

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

5.5CVSS5.7AI score0.00136EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/05/27 12:15 p.m.41 views

CVE-2026-45849 net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

0.00136EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/05/27 12:15 p.m.13 views

CVE-2026-45849

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

5.5CVSS5.7AI score0.00136EPSS
Exploits0
CVE
CVE
added 2026/05/27 12:15 p.m.26 views

CVE-2026-45849

The CVE-2026-45849 issue affects the Linux kernel’s mscc: ocelot network driver. The vulnerability occurred because ocelot_port_xmit_inj() invoked ocelot_can_inject() and ocelot_port_inject_frame() without holding the injection group lock, despite lockdep_assert_held() checks in those functions. ...

5.5CVSS5.8AI score0.00136EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/27 12:15 p.m.3 views

CVE-2026-45849 net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

5.5CVSS5.9AI score0.00136EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of injection group lock protection in the ocelotportxmitinj function of the net mscc ocelot...

5.8AI score0.00136EPSS
Exploits0References6
Rows per page
Query Builder