Lucene search
K

473 matches found

Metasploit
Metasploit
added 4 days ago13 views

FTP Fetch, Linux Command Shell, Reverse SCTP Stager

Fetch and execute an x64 payload from an FTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/ftp/x64/shell/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show option...

6.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 5 days ago4 views

kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...

7.8CVSS6.2AI score0.00104EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added last week5 views

kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...

7.8CVSS6.2AI score0.00104EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added last week8 views

kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...

7.8CVSS6.2AI score0.00104EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 9:48 a.m.5 views

kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...

7.8CVSS6.2AI score0.00104EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 12:20 a.m.7 views

kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...

7.8CVSS6.2AI score0.00104EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:8 a.m.7 views

sctp: purge outqueue on stale COOKIE-ECHO handling

...

9.8CVSS5.8AI score0.00335EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/25 11:54 p.m.7 views

CVE-2026-53224

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. Specifically, improper validation of embedded INIT chunk and address list lengths in SCTP cookies could allow a remote attacker to trigger out-of-bounds reads. This could lead to information disclosur...

9.1CVSS5.9AI score0.00547EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 11:8 p.m.7 views

CVE-2026-53070

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP over User Datagram Protocol UDP implementation. An issue with managing the transmission context across different processing units could lead to incorrect recursion level detection. This can cause network packets to b...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.4 views

CVE-2026-53246

In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...

9.8CVSS5.9AI score0.00481EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52341

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the SCTP server's processing of COOKIE ECHO chunks. When parsing the cached peer INIT chunk embedded after the cookie, the system fails to validate the chunk header leng...

9.8CVSS6.1AI score0.00481EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.5 views

PT-2026-52320

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SCTP implementation where the sctp rcv asconf lookup function in net/sctp/input.c fails to properly validate the length of an ASCONF chunk. The function verifies i...

9.1CVSS5.9AI score0.00544EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/06/24 8:39 p.m.7 views

CVE-2026-52929

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP stream handling. When an attempt to add outgoing streams is denied, the system fails to fully roll back the associated state. This incomplete rollback can leave behind stale stream metadata, which a subsequent stream...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/24 8:21 p.m.8 views

CVE-2026-52924

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. This vulnerability, a use-after-free, occurs when the system processes a Stale Cookie ERROR during the setup or reconfiguration of an SCTP association. A remote attacker could exploit this by sending...

9.8CVSS5.9AI score0.00335EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 5:17 p.m.7 views

CVE-2026-53070

In the Linux kernel, the following vulnerability has been resolved: sctp: disable BH before calling udptunnelxmitskb udptunnelxmitskb / udptunnel6xmitskb are expected to run with BH disabled. After commit 6f1a9140ecda "add xmit recursion limit to tunnel xmit functions", on the path:...

7.5CVSS0.0035EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 4:30 p.m.4 views

EUVD-2026-38938

In the Linux kernel, the following vulnerability has been resolved: sctp: disable BH before calling udptunnelxmitskb udptunnelxmitskb / udptunnel6xmitskb are expected to run with BH disabled. After commit 6f1a9140ecda "add xmit recursion limit to tunnel xmit functions", on the path:...

5.7AI score0.0035EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: SCTP: The instruction “move SCTPCMDASSOCSHKEY right after SCTPCMDPEERINIT” has been fixed. A null-ptr-deref issue was reported in the SCTP transmission path when the SCTP-AUTH key initialization fails:...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.2 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: sctp: Linearize cloned GSO packets in sctprcv. The cloned headskb still shares these frag SKBs in the fraglist with the original headskb. Accessing these frag SKBs is not safe. syzbot reported two bugs caused by the use of...

7.8CVSS6.7AI score0.00151EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 8:16 a.m.4 views

UBUNTU-CVE-2026-52924

In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...

9.8CVSS5.6AI score0.00335EPSS
Exploits0References11
OSV
OSV
added 2026/06/24 8:16 a.m.3 views

UBUNTU-CVE-2026-52917

In the Linux kernel, the following vulnerability has been resolved: sctp: diag: reject stale associations in dumpone path The SCTP exact sockdiag lookup can hold a transport reference, block on locksocksk, and then resume after sctpassociationfree has marked the association dead and freed its bin...

7.1CVSS5.6AI score0.00126EPSS
Exploits0References11
Rows per page
Query Builder