Lucene search
K

308 matches found

NVD
NVD
added 2026/03/25 11:16 a.m.5 views

CVE-2026-23318

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UACVERSION2, while it should have been UACVERSION3. This...

7.1CVSS0.00132EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the UAC3 AC header descriptor verifier using an incorrect protocol version, potentially leading to...

7.1CVSS5.8AI score0.00132EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/16 4:32 p.m.22 views

CVE-2026-4252 Tenda AC8 IPv6 check_is_ipv6 ip address for authentication

A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function checkisipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is publicly available and mig...

10CVSS0.0126EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/07 5:19 a.m.2 views

CVE-2026-30827 express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting (all IPv4 clients share one bucket on dual-stack servers)

express-rate-limit is a basic rate-limiting middleware for Express. In versions starting from 8.0.0 and prior to versions 8.0.2, 8.1.1, 8.2.2, and 8.3.0, the default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. Th...

7.5CVSS5.8AI score0.00455EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/02/14 3:9 p.m.4 views

CVE-2026-23124

In the Linux kernel, the following vulnerability has been resolved: ipv6: annotate data-race in ndiscrouterdiscovery syzbot found that ndiscrouterdiscovery could read and write in6dev-ramtu without holding a lock 1 This looks fine, IFLAINET6RAMTU is best effort. Add READONCE/WRITEONCE to document...

5.5CVSS5.2AI score0.00114EPSS
Exploits0
Cvelist
Cvelist
added 2026/02/06 6:2 p.m.29 views

CVE-2026-2061 D-Link DIR-823X set_ipv6 sub_424D20 os command injection

A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub424D20 of the file /goform/setipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be...

5.8CVSS0.04296EPSS
Exploits1References5
CVE
CVE
added 2026/02/04 4:7 p.m.28 views

CVE-2026-23072

CVE-2026-23072: Linux kernel l2tp memleak in l2tp_udp_encap_recv() fixed by adding proper error handling after protocol version validation; the patch ensures l2tp_session_put() is called to avoid leaking objects (l2tp_session, l2tp_tunnel, sock). References indicate the commit addresses a memory‑...

5.5CVSS5.2AI score0.00121EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/04 4:7 p.m.6 views

CVE-2026-23072 l2tp: Fix memleak in l2tp_udp_encap_recv().

In the Linux kernel, the following vulnerability has been resolved: l2tp: Fix memleak in l2tpudpencaprecv. syzbot reported memleak of struct l2tpsession, l2tptunnel, sock, etc. 0 The cited commit moved down the validation of the protocol version in l2tpudpencaprecv. The new place requires an extr...

5.5CVSS5.2AI score0.00121EPSS
Exploits0References6
OSV
OSV
added 2026/01/30 5:34 a.m.5 views

CVE-2025-12899 net: icmp: Out of bound memory read

A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem...

6.5CVSS5.8AI score0.00301EPSS
Exploits0References4
NVD
NVD
added 2026/01/27 7:16 p.m.4 views

CVE-2026-24398

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate...

6.5CVSS0.00315EPSS
Exploits0References3
OSV
OSV
added 2026/01/26 11:36 a.m.1 views

SUSE-SU-2026:0293-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38321: smb: Log an error when closeallcacheddirs fails bsc1246328. - CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd bsc1249256. -...

7.8CVSS6.4AI score0.00319EPSS
Exploits0References692
Cvelist
Cvelist
added 2026/01/25 2:36 p.m.39 views

CVE-2026-23010 ipv6: Fix use-after-free in inet6_addr_del().

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6addrdel. syzbot reported use-after-free of inet6ifaddr in inet6addrdel. 0 The cited commit accidentally moved ipv6deladdr for mngtmpaddr before reading its ifp-flags for temporary addresses in...

7.8CVSS0.00182EPSS
Exploits0References5
OSV
OSV
added 2026/01/22 3:19 p.m.3 views

SUSE-SU-2026:0246-1 Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.91 fixes various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1254451. - CVE-2022-50409: net: If sock is dead don't access sock's skwq in...

7.8CVSS6.9AI score0.00202EPSS
Exploits2References21
SUSE Linux
SUSE Linux
added 2026/01/20 9:5 p.m.8 views

Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.173 fixes various security issues The following security issues were fixed: CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 bsc1249242. CVE-2022-50327: ACPI: processor: idle: Che...

9.2CVSS7.3AI score0.0018EPSS
Exploits2References40
Redos
Redos
added 2026/01/19 12:0 a.m.8 views

ROS-20260119-7354

A vulnerability in the ndiscsendskb function of the net/ipv6/ndisc.c module of the Linux kernel IPv6 protocol implementation is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of protect...

7.8CVSS7.8AI score0.09117EPSS
Exploits0
EUVD
EUVD
added 2026/01/15 8:17 p.m.4 views

EUVD-2026-2681

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service DoS. When an ICMP...

7.1CVSS6.2AI score0.00249EPSS
Exploits0References3
OSV
OSV
added 2026/01/13 4:16 p.m.2 views

UBUNTU-CVE-2025-71080

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix a BUG in rt6getpcpuroute under PREEMPTRT On PREEMPTRT kernels, after rt6getpcpuroute returns NULL, the current task can be preempted. Another task running on the same CPU may then execute rt6makepcpuroute and successful...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-71098

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ip6gre: make ip6greheader robust Over the years, syzbot found many ways to crash the kernel in ip6greheader 1. This involves team or bonding drivers ability to...

5.5CVSS6.3AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/12/31 12:32 a.m.11 views

SUSE CVE-2022-50816

In the Linux kernel, the following vulnerability has been resolved: ipv6: ensure sane device mtu in tunnels Another syzbot report 1 with no reproducer hints at a bug in ip6gre tunnel dev:ip6gretap0 Since ipv6 mcast code makes sure to read dev-mtu once and applies a sanity check on it see commit...

4.4CVSS6.3AI score0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.4 views

PT-2025-52952

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the networking component related to IPv4 address handling. Specifically, a memory leak occurs in the inet del ifa function when deleting an IPv4...

6.5AI score0.00173EPSS
Exploits0
Rows per page
Query Builder