Lucene search
+L

4208 matches found

redhat
redhat
added yesterday4 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS6.9AI score0.00228EPSS
Exploits0References7
osv
osv
added yesterday4 views

USN-8547-1 linux-gcp-5.15, linux-intel-iotg-5.15 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - Cryptographic API; - InfiniBand drivers; - IOMMU subsystem; - Network drivers; -...

9.8CVSS6.8AI score0.09796EPSS
Exploits4References66
osv
osv
added yesterday6 views

USN-8546-1 linux-raspi vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...

9.8CVSS6.9AI score0.00817EPSS
Exploits9References63
osv
osv
added yesterday6 views

USN-8545-1 linux-hwe-6.17 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...

9.8CVSS6.9AI score0.00817EPSS
Exploits9References63
nvd
nvd
added 2 days ago3 views

CVE-2026-50462

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00313EPSS
Exploits0References1
nvd
nvd
added 2 days ago3 views

CVE-2026-34346

Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally...

5.5CVSS0.00207EPSS
Exploits0References1
cve
cve
added 2 days ago5 views

CVE-2026-57093

CVE-2026-57093 – Windows Ancillary Function Driver for WinSock is a reported use-after-free vulnerability in the WinSock ancillary function driver that can be exploited locally to achieve privilege escalation. The issue affects the specific Windows driver handling WinSock operations; successful e...

7CVSS6AI score0.00252EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago23 views

CVE-2026-50462 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

7.8CVSS0.00313EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago23 views

CVE-2026-50312 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

4.7CVSS0.0031EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2 days ago5 views

CVE-2026-34346 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability

...

5.5CVSS6.1AI score0.00207EPSS
Exploits0References1
cve
cve
added 2 days ago24 views

CVE-2026-34346

CVE-2026-34346 concerns the Windows Ancillary Function Driver for WinSock. The vulnerability enables an authorized, local attacker to disclose sensitive information due to cleartext transmission of data. The available records (NVD/NVD entry and CVE listing) describe the affected component and the...

5.5CVSS6AI score0.00207EPSS
Exploits0References1
redhat
redhat
added 5 days ago6 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS6.9AI score0.00228EPSS
Exploits0References7
redhat
redhat
added 6 days ago5 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS6.1AI score0.00228EPSS
Exploits0References7
ubuntu
ubuntu
added 6 days ago6 views

USN-8529-1: Linux kernel vulnerabilities

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-43503 Several security issues...

9.8CVSS6.9AI score0.00591EPSS
Exploits11
osv
osv
added 6 days ago1 views

SUSE-SU-2026:2839-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed work bsc1255416. - CVE-2026-43198: tcp: fix potential race in tcpv6synrecvsock bsc1264610. ...

9.8CVSS6.7AI score0.00346EPSS
Exploits16References22
cve
cve
added 2026/07/09 5:8 p.m.16 views

CVE-2026-13461

CVE-2026-13461 affects PayRange Android app v7.0.7 where, when paired with an SSL-bypass vulnerability, JavaScript can be injected into the WebView, allowing sandbox escape and dangerous actions on the user device. The underlying issue is WebView JavaScript injection enabled by a compromised TLS ...

9.6CVSS6AI score0.0034EPSS
Exploits0References2
euvd
euvd
added 2026/07/09 5:8 p.m.7 views

EUVD-2026-42635

When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device...

6AI score0.0034EPSS
Exploits0References2
nvd
nvd
added 2026/07/08 11:16 p.m.6 views

CVE-2026-54776

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching...

4.4CVSS0.00109EPSS
Exploits0References6
redhat
redhat
added 2026/07/07 8:2 p.m.40 views

kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()

A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...

9.8CVSS6.6AI score0.00298EPSS
Exploits0References5
osv
osv
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1292 dbt allows Binding to an Unrestricted IP Address via socketsocket

Summary Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDRANY by passing "" as the address. This...

5.3CVSS5.8AI score0.0071EPSS
Exploits0References15
Rows per page
Query Builder