Lucene search
K

159 matches found

EUVD
EUVD
added 2026/06/25 8:38 a.m.4 views

EUVD-2026-39274

In the Linux kernel, the following vulnerability has been resolved: mptcp: allow subflow rcv wnd to shrink In MPTCP connection, the window field in the TCP header refers to the MPTCP-level rcvnxt and it's right edge should not move backward. Such constraint is enforced at DSS option generation...

5.7AI score0.00506EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Twisted

Twisted is an event-based framework for internet applications, compatible with Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, potentially leading to information disclosure. This vulnerability has been fixed in 24.7.0rc1...

8.3CVSS7.5AI score0.00856EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.10 views

FreeBSD Security Advisory - FreeBSD-SA-26:31.arm64

FreeBSD Security Advisory - Some Arm CPUs have errata where the ordering of stores and the TLBI+DSB sequence may be incorrect. If one CPU stores to a virtual address while another CPU invalidates the translation for that address, the second CPU's TLBI+DSB may complete before the first CPU's store...

9.1CVSS5.4AI score0.00474EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-45889

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when...

5.5CVSS5.8AI score0.00153EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/28 3:56 a.m.11 views

SUSE CVE-2026-45889

In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...

5.8AI score0.00153EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 3:33 p.m.11 views

EUVD-2026-32355

In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...

5.8AI score0.00153EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 2:17 p.m.12 views

CVE-2026-45889

In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...

5.5CVSS0.00153EPSS
Exploits0References3
OSV
OSV
added 2026/05/27 2:17 p.m.9 views

UBUNTU-CVE-2026-45889

In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...

5.7CVSS5.7AI score0.00153EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 12:17 p.m.40 views

CVE-2026-45889 mptcp: do not account for OoO in mptcp_rcvbuf_grow()

In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...

0.00153EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 12:17 p.m.18 views

CVE-2026-45889

Summary: CVE-2026-45889 affects the Linux kernel’s Multipath TCP (MPTCP). The root cause is incorrect accounting for Out-of-Order (OoO) data in mptcp_rcvbuf_grow(), causing the MPTCP receive buffer to drift toward tcp_rmem[2]. The vulnerability is linked to a subtle race during rcvspace initializ...

5.5CVSS5.8AI score0.00153EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/05/27 12:17 p.m.13 views

CVE-2026-45889

In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...

5.5CVSS5.7AI score0.00153EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect processing of out-of-order data during the mptcp receive buffer expansion. This can...

6AI score0.00153EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.12 views

CVE-2026-45889

mptcp: do not account for OoO in mptcprcvbufgrow...

5.8AI score0.00153EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-43756

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Multipath TCP MPTCP implementation where accounting for Out-of-Order OoO packets in the mptcp rcvbuf grow function causes the receive buffer to drift toward tcp...

6AI score0.00153EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/05/12 12:57 p.m.11 views

CVE-2026-44600

A flaw was found in Tor. This vulnerability occurs due to mishandling of the conflux out-of-order queue accounting during queue clearing. A remote attacker with high attack complexity could exploit this flaw, leading to a denial of service...

5.3CVSS5.7AI score0.00378EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/08 2:19 a.m.11 views

SUSE CVE-2026-44600

Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:19 a.m.15 views

SUSE CVE-2026-44602

Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006...

7.5CVSS5.8AI score0.0033EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/07 3:17 a.m.15 views

EUVD-2026-28304

Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006...

3.7CVSS5.8AI score0.0033EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/07 3:17 a.m.11 views

CVE-2026-44602

Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006...

3.7CVSS5.8AI score0.0033EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/07 3:17 a.m.12 views

CVE-2026-44602

Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006...

3.7CVSS5.8AI score0.0033EPSS
Exploits0References5
Rows per page
Query Builder