5186 matches found
CVE-2026-64044
In the Linux kernel, the following vulnerability has been resolved: ovpn: respect peer refcount in CMDNEWPEER error path ovpnnlpeernewdoit's error path calls ovpnpeerrelease directly rather than ovpnpeerput, bypassing the kref. The accompanying comment "peer was not yet hashed, thus it is not use...
CVE-2026-64024
In the Linux kernel, the following vulnerability has been resolved: tcp: fix stale per-CPU tcptwisn leak enabling ISN prediction Blamed commit moved the TIMEWAIT-derived ISN from the skb control block to a per-CPU variable, assuming the value would always be consumed by tcpconnrequest for the sam...
CVE-2026-64007
CVE-2026-64007 concerns the Linux kernel netfilter synproxy path. The vulnerability arises when synproxy_tstamp_adjust() rewrites the TCP timestamp option and updates the TCP checksum via inet_proto_csum_replace4() on a caller-supplied tcphdr. If skb_ensure_writable() frees the old skb header bet...
CVE-2026-63870 ieee802154: 6lowpan: only accept IPv6 packets in lowpan_xmit()
In the Linux kernel, the following vulnerability has been resolved: ieee802154: 6lowpan: only accept IPv6 packets in lowpanxmit The aoe driver or similar generates a non-IPv6 packet e.g., ETHPAOE and queues it for transmission via devqueuexmit on a 6LoWPAN interface configured by the user or test...
CVE-2026-63870
The CVE-2026-63870 issue affects the Linux kernel’s ieee802154 6lowpan path: when a non-IPv6 packet (e.g., ETH_P_AOE from an aoe-like driver) is queued for transmission on a 6LoWPAN interface, the lowpan header creation exits early and the transmit path copies uninitialized lowpan_addr_info from ...
CVE-2026-63821 wifi: rtw88: usb: fix memory leaks on USB write failures
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: fix memory leaks on USB write failures When rtwusbwriteport fails to submit a USB Request Block URB e.g., due to device disconnect or ENOMEM, the completion callback is never executed. Currently, the driver...
EUVD-2026-45487
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: fix memory leaks on USB write failures When rtwusbwriteport fails to submit a USB Request Block URB e.g., due to device disconnect or ENOMEM, the completion callback is never executed. Currently, the driver...
Fujitsu IP Series - Hardcoded Credentials
Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative...
CVE-2026-34346
Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally...
CVE-2026-50307 Windows TCP/IP Elevation of Privilege Vulnerability
...
CVE-2026-50306 Windows TCP/IP Elevation of Privilege Vulnerability
...
CVE-2026-50306
CVE-2026-50306 is a Windows TCP/IP use-after-free vulnerability that allows an authorized, local attacker to elevate privileges. Affected component is the Windows TCP/IP stack; impact is local privilege escalation with high severity (CVSS 3.1: 7.8). Microsoft has released updates (KB5095051, KB50...
KB5099445: Windows Server 2012 Security Update (July 2026)
The remote Windows host is missing security update 5099445. It is, therefore, affected by multiple vulnerabilities - Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network. CVE-2026-58594 - Heap-based buffer overflow in Windows Message Queuing...
SUSE-SU-2026:2886-1 Security update for libslirp
This update for libslirp fixes the following issues: - CVE-2026-9539: TCP URG out of bounds heap read information leak bsc1268903...
FTP Fetch, Bind IPv6 TCP Stager (Windows x86)
Fetch and execute an x86 payload from an FTP server. Listen for an IPv6 connection Windows x86 Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...
FTP Fetch, Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
Fetch and execute an x86 payload from an FTP server. Spawn a piped command shell staged. Connect back to the attacker Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...
FTP Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x86 payload from an FTP server. Connect back to the attacker Module Options...
FTP Fetch, Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager with UUID Support
Fetch and execute an x64 payload from an FTP server. Spawn a piped command shell Windows x64 staged. Listen for an IPv6 connection with UUID Support Windows x64 Module Options This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2026-57023
The CVE concerns Juniper Junos OS on MX Series with SPC3 and SRX Series where a TCP proxy plugin can crash the flowd daemon via a specifically malformed TCP header during a flow session (to support ALGs/Advanced Anti‑Malware/ICAP/UTM). This is caused by improper validation of a specified quantity...
CVE-2026-51606
An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response...