275 matches found
SUSE-SU-2026:2989-1 Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.166 fixes various security issues The following security issues were fixed: - CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmcrelease bsc1264094. - CVE-2026-43037: ip6tunnel: clear skb2-cb in ip4ip6err bsc1265197. -...
CVE-2026-54149 MaxKB MCP tool import validation bypass allows post-authentication remote code execution
MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...
PT-2026-56562
Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description An authenticated MQTT client can subscribe to the internal $MQTT.deliver.pubrel subject family. This action allows the client to bypass configured subscribe...
kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
A flaw was found in the Linux kernel's Controller Area Network CAN ISO-TP isotp module. This vulnerability, known as a use-after-free, occurs when the system attempts to free a memory region while it is still being used. A local attacker could trigger this condition by sending a signal that...
Siemens RUGGEDCOM RST2428P Incorrect Bitwise Shift of Integer (CVE-2025-40281)
In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctptransportupdaterto syzbot reported a possible shift-out-of- bounds 1 Blamed commit added rtoalphamax and rtobetamax set to 1000. It is unclear if some sctp users are setting very...
CVE-2026-40677
The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...
CVE-2026-45865
A flaw was found in the Linux kernel's Message Control Transport Protocol MCTP over I2C Inter-Integrated Circuit implementation. A local attacker could exploit this vulnerability by performing I2C reads on an MCTP-I2C device. This could lead to the disclosure of uninitialized stack memory,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: tipc: fixed a kernel panic that occurred when enabling a bearer. When enabling a bearer on a node, a kernel panic was observed: 4.498085 RIP: 0010:tipcmonprep+0x4e/0x130 tipc ... 4.520030 Call Trace: 4.520689 4.521236...
NPM: dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport
NPM: dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport vulnerability discovered by ? in WordPress Npm dynoxide versions = 0.9.3, 0.9.13...
CVE-2026-43457
A flaw was found in the Linux kernel's Management Component Transport Protocol MCTP over I2C receive path. When the midev-allowrx flag is false, a newly allocated network buffer skb is not properly freed. This memory leak can lead to a gradual exhaustion of system memory, potentially allowing a...
CVE-2026-43455
In the Linux kernel, the following vulnerability has been resolved: mctp: route: hold key-lock in mctpflowprepareoutput mctpflowprepareoutput checks key-dev and may call mctpdevsetkey, but it does not hold key-lock while doing so. mctpdevsetkey and mctpdevreleasekey are annotated with...
PT-2026-39118
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the Linux kernel within the MCTP Management Component Transport Protocol I2C receive path. When the midev-allow rx variable is set to false, the newly allocated s...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the mctpflowprepareoutput function in the mctp route component. This function does not hold a...
CVE-2026-43029
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lockup in mptcprecvmsg syzbot reported a soft lockup in mptcprecvmsg 0. When receiving data with MSGPEEK | MSGWAITALL flags, the skb is not removed from the skreceivequeue. This causes skwaitdata to always find...
CVE-2026-37537
collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 2023-03-08 contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At line 23: uint8t index = data0 - 1. When data0 sequence number from CAN frame is 0, index underflows...
CVE-2026-37534
Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadTransportProtocolDataTransfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame...
CVE-2026-37537
collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 2023-03-08 contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At line 23: uint8t index = data0 - 1. When data0 sequence number from CAN frame is 0, index underflows...
Open SAE J1939 数字错误漏洞
Open SAE J1939 is a CAN bus communication protocol library for industrial vehicles from the individual developer Daniel Mårtensson. Open SAE J1939 suffers from a numeric error vulnerability that stems from an integer underflow in the SAEJ1939ReadTransportProtocolDataTransfer function, which allow...
CVE-2026-37534
Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadTransportProtocolDataTransfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame...
CVE-2026-37535
OpenXC isotp-c (up to commit 5a5d19245f65189202719321facd49ce6f5d46ac, 2021-08-09) contains an out-of-bounds read in the ISO-TP Single Frame receive handler. The 4‑bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious C...