4208 matches found
undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.
A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...
USN-8547-1 linux-gcp-5.15, linux-intel-iotg-5.15 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - Cryptographic API; - InfiniBand drivers; - IOMMU subsystem; - Network drivers; -...
USN-8546-1 linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...
USN-8545-1 linux-hwe-6.17 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...
CVE-2026-50462
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-34346
Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally...
CVE-2026-57093
CVE-2026-57093 – Windows Ancillary Function Driver for WinSock is a reported use-after-free vulnerability in the WinSock ancillary function driver that can be exploited locally to achieve privilege escalation. The issue affects the specific Windows driver handling WinSock operations; successful e...
CVE-2026-50462 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
...
CVE-2026-50312 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
...
CVE-2026-34346 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
...
CVE-2026-34346
CVE-2026-34346 concerns the Windows Ancillary Function Driver for WinSock. The vulnerability enables an authorized, local attacker to disclose sensitive information due to cleartext transmission of data. The available records (NVD/NVD entry and CVE listing) describe the affected component and the...
undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.
A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...
undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.
A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...
USN-8529-1: Linux kernel vulnerabilities
It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-43503 Several security issues...
SUSE-SU-2026:2839-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed work bsc1255416. - CVE-2026-43198: tcp: fix potential race in tcpv6synrecvsock bsc1264610. ...
CVE-2026-13461
CVE-2026-13461 affects PayRange Android app v7.0.7 where, when paired with an SSL-bypass vulnerability, JavaScript can be injected into the WebView, allowing sandbox escape and dangerous actions on the user device. The underlying issue is WebView JavaScript injection enabled by a compromised TLS ...
EUVD-2026-42635
When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device...
CVE-2026-54776
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching...
kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()
A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...
PYSEC-2026-1292 dbt allows Binding to an Unrestricted IP Address via socketsocket
Summary Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDRANY by passing "" as the address. This...