Lucene search
K

4162 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51721

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the AF UNIX implementation where SIOCATMARK, which reports if the receive queue is at the urgent mark for MSG OOB Out-of-Band data, is incorrectly supported on...

6AI score0.00114EPSS
Exploits0References18
NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-49860

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially...

5.2CVSS0.00101EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 2:49 p.m.4 views

SUSE-SU-2026:2592-1 Security update for the Linux Kernel (Live Patch 79 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.299 fixes various security issues The following security issues were fixed: - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261640. - CVE-2026-31504: net: fix fanout UAF in packetrelease via NETDEVUP race...

9.8CVSS5.9AI score0.0049EPSS
Exploits7References9
RedhatCVE
RedhatCVE
added 2026/06/23 1:26 p.m.8 views

CVE-2026-47139

A flaw was found in vm2, a Node.js sandbox. This vulnerability allows sandboxed code to bypass network restrictions by utilizing internal HTTP built-ins, such as httpclient and httpserver. An attacker can exploit this to make outbound HTTP requests or open listening HTTP sockets, even when public...

8.6CVSS5.8AI score0.00282EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.12 views

Ubuntu 20.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-8462-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8462-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...

9.8CVSS7.2AI score0.96267EPSS
Exploits282References15
OSV
OSV
added 2026/06/22 11:17 p.m.2 views

USN-8462-1 linux-oracle-5.15 vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...

9.8CVSS6.1AI score0.96267EPSS
Exploits282References15
RedHat Linux
RedHat Linux
added 2026/06/22 5:29 a.m.5 views

kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs

A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...

7.8CVSS6.1AI score0.00137EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.9 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-8441-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8441-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...

7.8CVSS6.6AI score0.96267EPSS
Exploits229References7
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-6733

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an...

3.7CVSS7.1AI score0.00228EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.7 views

CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages

Impact The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays setting on transport-securit...

7.4CVSS6AI score0.00143EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 8:46 p.m.10 views

GHSA-P86G-XRR2-PF7C CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake

Impact An unauthenticated remote attacker can pin one server thread‑pool worker at 100 % CPU per connection. With a few connections, the CPU usage can be exhausted. Preconditions An attacker being able to reach a service which is exposing an endpoint using one of NetTcpBinding, NetNamedPipeBindin...

7.5CVSS5.9AI score0.00476EPSS
Exploits0References2
Metasploit
Metasploit
added 2026/06/19 7:3 p.m.217 views

Quectel Cellular Modem Pivot (Serial AT)

Opens a serial connection to a Quectel cellular modem and registers it as a 'modem' session capable of network pivoting. The Quectel modems have a limited number of sockets available, configurable using MODEMSOCKETS. Once the session is established, it can be routed through using the route comman...

6AI score
Exploits0
EUVD
EUVD
added 2026/06/19 2:19 p.m.19 views

EUVD-2026-37769

undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse...

3.7CVSS5.8AI score0.00228EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: tcp: Prevent concurrent execution of tcpskexitbatch It is possible that two threads call tcpskexitbatch concurrently. This could happen either from the cleanupnetworkqueue or from a task that fails to clone a new netns. In the...

5.5CVSS6.3AI score0.00245EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: mctp: Set SOCKRCUFREE The Bind lookup operation is executed under RCU; therefore, ensure that a socket does not disappear during the middle of a lookup operation...

5.5CVSS6.2AI score0.00156EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: nbd: restricts sockets to TCP and UDP Recently, syzbot began abusing NBD using various types of sockets. The commit cf1b2326b734 “nbd: verify that sockets are supported during setup” ensured that the socket supported a shutdown...

5.9AI score0.00183EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In ipcheckmcrcu of igmp.c, there is a potential use after free due to improper locking. This could lead to a local escalation of privileges when opening and closing inet sockets, without the need for additional execution privileges. User interaction is not required for exploitation. Product:...

7CVSS6.8AI score0.00141EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: BPF: Added checks for skisinet and ISICSK in tlsswhasctxtx/rx. With the introduction of support for vsock and Unix sockets in sockmap, tlsswhasctxtx/rx cannot assume that the socket passed in must be of type ISICSK. Sockets of...

5.5CVSS6.5AI score0.00221EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

The IPv6 implementation in the Linux kernel before version 6.3 has a maxsize threshold in the net/ipv6/route.c file that can be easily exceeded. This can lead to a denial of service condition, where the network becomes unreachable, resulting in errors when IPv6 packets are sent through a raw sock...

7.5CVSS6.5AI score0.0094EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in OpenSSL

The function X509VERIFYPARAMadd0policy is documented as implicitly enabling the certificate policy check during certificate verification. However, the implementation of this function does not actually enable the policy check, allowing certificates with invalid or incorrect policies to pass the...

5.3CVSS6.7AI score0.01625EPSS
Exploits0References2
Rows per page
Query Builder