Lucene search
K

1243 matches found

SUSE CVE
SUSE CVE
added 2026/05/07 2:16 a.m.9 views

SUSE CVE-2026-43248

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...

5.8AI score0.00129EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/06 11:11 p.m.12 views

CVE-2026-43248

A flaw was found in the Linux kernel's vhost subsystem. Specifically, a bug in the vdpasim component allows for an out-of-bounds write when a valid ASID Address Space ID is incorrectly assigned to a vDPA virtio Data Path Acceleration group. This could lead to memory corruption, potentially...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/06 12:30 p.m.8 views

EUVD-2026-27809

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...

5.8AI score0.00129EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/06 11:28 a.m.7 views

CVE-2026-43248

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...

7.8CVSS5.7AI score0.00129EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/06 11:28 a.m.11 views

CVE-2026-43248

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...

5.8AI score0.00129EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/06 11:28 a.m.24 views

CVE-2026-43248

In the Linux kernel vhost subsystem, CVE-2026-43248 stems from a vdpa_sim bug that could assign a valid ASID to a group equal to ngroups, causing an out-of-bounds write and memory instability. Multiple reports confirm a patch to move the vdpa group bound check into vhost_vdpa and to fix the out-o...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-43248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. Whi...

7.8CVSS7AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-37588

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the vhost component where the vdpa group bound check was duplicated, increasing the risk of a parent driver omitting the check. Additionally, a bug in vdpa sim allows ...

7.8CVSS7AI score0.00129EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libsoup (UTSA-2026-014646)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014646 advisory. A flaw in libsoups HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies...

8.2CVSS5.3AI score0.00496EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/22 5:6 p.m.5 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the HTTP vhost routing process when routeByHTTPUser is used for access control. An attacker can gain unauthorized access to protected backend services by sending proxy-style requests that use a known or guesse...

9.1CVSS5.5AI score0.00269EPSS
Exploits1References2
NVD
NVD
added 2026/04/21 9:16 p.m.13 views

CVE-2026-40910

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

9.1CVSS0.00269EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/21 8:9 p.m.32 views

CVE-2026-40910 frp: Authentication bypass in frp HTTP vhost routing when routeByHTTPUser is used for access control

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

6.5CVSS0.00269EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/21 8:9 p.m.5 views

CVE-2026-40910 frp: Authentication bypass in frp HTTP vhost routing when routeByHTTPUser is used for access control

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

6.5CVSS5.8AI score0.00269EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/21 8:9 p.m.11 views

EUVD-2026-24477

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

6.5CVSS5.8AI score0.00269EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/04/21 8:9 p.m.8 views

CVE-2026-40910

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

9.1CVSS5.5AI score0.00269EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010751)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010751 advisory. In the Linux kernel, the following vulnerability has been resolved: vhost: fix hung thread due to erroneous iotlb entries In vhostiotlbaddrangectx, range size can...

5.5CVSS5.7AI score0.00207EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.7 views

frp 授权问题漏洞

FRP is an internal penetration reverse proxy tool developed by Fatedier’s developers. Versions of FRP from 0.43.0 to 0.68.0 have vulnerabilities related to authorization. These vulnerabilities arise from using routeByHTTPUser for access control. In this scenario, the HTTP vhost routing path...

9.1CVSS5.8AI score0.00269EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006774)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006774 advisory. In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhostworker will call tun call...

5.5CVSS6.4AI score0.00271EPSS
Exploits0References3
Redos
Redos
added 2026/04/07 12:0 a.m.8 views

ROS-20260407-73-0001

A vulnerability in the vhostscsisetendpoint and vhostscsiclearendpoint functions in the drivers/vhost/scsi.c module of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability...

7.8CVSS6.6AI score0.00183EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2026/03/26 12:43 p.m.11 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-50453: gpiolib: cdev: fix NULL-pointer dereferences bsc1250887. CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue...

8.5CVSS6.6AI score0.0071EPSS
Exploits0References288
Rows per page
Query Builder