1185 matches found
kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...
CVE-2026-11779
An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...
CVE-2026-11779
An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...
EUVD-2026-39799
An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...
CVE-2026-11779
Technical details about CVE-2026-11779 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-11779 PayloadCMS 3.84.1 - Authenticated account lockout bypass through default unlock access
An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...
SUSE CVE-2026-53244
In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...
CVE-2026-49319
Remote Keyless Entry System RKES, using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a...
CVE-2026-49319 Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack
Remote Keyless Entry System RKES, using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a...
CVE-2026-53244
In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...
UBUNTU-CVE-2026-53244
In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...
CVE-2026-53244 VFS: fix possible failure to unlock in nfsd4_create_file()
In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...
CVE-2026-53244
In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...
CVE-2026-53244
CVE-2026-53244 concerns the Linux kernel NFSD component. When exporting a filesystem with the atomic_create hook, an error from atomic_create() could cause nfsd4_create_file() to fail unlocking the parent directory, risking resource exhaustion and potential DoS. The root cause is that dentry hand...
CVE-2026-53244
In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...
CVE-2026-53240
CVE-2026-53240 concerns a use-after-free in the Linux kernel xfrm: iptfs partial reassembly logic (__input_process_payload). The bug occurs when first_skb is saved to xtfs->ra_newskb under drop_lock and a concurrent path may complete reassembly, NULL the ra_newskb, and free the skb before the ...
PT-2026-52339
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A failure to unlock the parent directory occurs in the nfsd4 create file function. This happens when the NFSD exports a filesystem using atomic create and that function returns an error...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: PCI: Fixed error handling for pcislottrylock The commit a4e772898f8b “PCI: Added bridge lock to pcibuslock” delegates the bridge device’s pcidevtrylock to pcibustrylock in pcislottrylock. However, it forgot to remove the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: nbd: The defer config unlock in nbdgenlconnect has been fixed. There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect: nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: nfsd: Check that the server is running in unlockfilesystem. If we try to unlock the filesystem via an administrative interface, and nfsd is not running, it will cause the server to crash. This occurs currently because the...