21 matches found
CVE-2026-37229
FlexRIC v2.0.0 contains a reachable assertion in e2apcreatepdu triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence e.g., a single 0x00 byte over SCTP to the near-RT RIC port 36421 or iApp port 36422 to crash the process via SIGABRT. The...
EUVD-2026-29033
Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...
CVE-2026-27028
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: Fixed the detection of protocol fallback using BPF. The sockmap feature allows for BPF syscall from user space, or based on BPF sockops, replacing the skprot of sockets during protocol stack processing with sockmap’s...
EUVD-2025-203669
In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix proto fallback detection with BPF The sockmap feature allows bpf syscall from userspace, or based on bpf sockops, replacing the skprot of sockets during protocol stack processing with sockmap's custom read/write...
Linux Distros Unpatched Vulnerability : CVE-2018-14625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition betwe...
kernel: vsock: Keep the binding until socket destruction
A flaw was found in the Linux kernel's virtual socket protocol network driver, where an improperly timed socket unbinding could result in a use-after-free issue. This flaw allows an attacker who can create and destroy arbitrary connections on virtual connections to read or modify system memory,...
kernel: vsock: Keep the binding until socket destruction
A flaw was found in the Linux kernel's virtual socket protocol network driver, where an improperly timed socket unbinding could result in a use-after-free issue. This flaw allows an attacker who can create and destroy arbitrary connections on virtual connections to read or modify system memory,...
kernel: vsock: Keep the binding until socket destruction
A flaw was found in the Linux kernel's virtual socket protocol network driver, where an improperly timed socket unbinding could result in a use-after-free issue. This flaw allows an attacker who can create and destroy arbitrary connections on virtual connections to read or modify system memory,...
kernel: vsock: Keep the binding until socket destruction
A flaw was found in the Linux kernel's virtual socket protocol network driver, where an improperly timed socket unbinding could result in a use-after-free issue. This flaw allows an attacker who can create and destroy arbitrary connections on virtual connections to read or modify system memory,...
SUSE CVE-2023-52986
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcpbpfprots when cloning a listener A listening socket linked to a sockmap has its skprot overridden. It points to one of the struct proto variants in tcpbpfprots. The variant depends on the socket'...
CVE-2023-52986
CVE-2023-52986 is a Linux kernel issue affecting bpf, sockmap where a listening socket linked to a sockmap can have its sk_prot overridden to a variant in tcp_bpf_prots. The root cause is that cloning a child from a TCP listener checked only for the TCP_BPF_BASE proto variant, whereas the listene...
The vulnerability of the WebSocket protocol implementation in applications for launching and managing Pimax Play games, as well as in software for configuring and calibrating VR environments like PiTool, allows a hacker to execute arbitrary code.
The vulnerability of the WebSocket protocol implementation in applications for launching and managing Pimax Play games, as well as in software for configuring and calibrating VR environments called PiTool. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
kernel: data races around sk->sk_prot
A data race problem was found in sk-skprot in the network subsystem in ipv6 in the Linux kernel. This issue occurs while some functions access critical data, leading to a denial of service...
CVE-2022-3629
A memory leak flaw was found in the Linux kernel’s Virtual Socket Protocol. This flaw allows a local user to crash the system...
Vulnerability of the connect() and close() functions in Linux kernel, allowing attackers to gain unauthorized access to protected information
The vulnerability of the connect and close functions in the Linux operating system’s kernel is related to synchronization errors when using shared resources „Race Conditions“. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using the AFVSOC...
UBUNTU-CVE-2018-14625
A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect and close function may allow an attacker using the AFVSOCK protocol to gather a 4 byte information leak or possibly intercept o...
glusterfs: fragment header infinite loop DoS
A denial of service flaw was found in the way the socketprotostatemachine function of glusterfs processed certain fragment headers. A remote attacker could send a specially crafted fragment header that, when processed, would cause the glusterfs process to enter an infinite loop...
Time and Expense Management System - Multiple Vulnerabilities
Time and Expense Management System - Multiple Vulnerabilities ------------------------------------------------------------------------ Software................Time and Expense Management System Vulnerability...........Command Injection Threat Level............Very Critical 5/5...
SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 3433 / 3436 / 3445)
This update of the SUSE Linux Enterprise Server 11 SP1 kernel brings the kernel to 2.6.32.24 and fixes some critical security bugs and other non-security bugs. Following security bugs were fixed : - A iovec integer overflow in RDS sockets was fixed which could lead to local attackers gaining kern...