VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1788 advisories across 32 monitored vendors.
avoid double drm_exec_fini() in userq validate. Red Hat rates this important (CVSS 7). Weakness: CWE-1341.
propagate nvmet_tcp_build_pdu_iovec() errors to its callers. Red Hat rates this important (CVSS 7). Weakness: CWE-390.
fix race between file release and pressure write. Red Hat rates this important (CVSS 7). Weakness: CWE-367.
fix double-free in tipc_buf_append(). Red Hat rates this important (CVSS 7). Weakness: CWE-763.
use kfree_rcu to release ops. Red Hat rates this important (CVSS 7). Weakness: CWE-763.
remove sprintf usage. Red Hat rates this important (CVSS 7). Weakness: CWE-787.
fix possible UAF in icmpv6_rcv(). Red Hat rates this important (CVSS 7). Weakness: CWE-825.
fix double-free of tx_buf skb. Red Hat rates this moderate (CVSS 7). Weakness: CWE-416.
ccp - copy IV using skcipher ivsize. Red Hat rates this moderate (CVSS 7). Weakness: CWE-805. Red Hat lists fixing advisory RHSA-2026:38491 with package kernel-0:5.14.0-687.25.1.el9_8. Affected product named by the advisory: Red Hat Enterprise Linux 9.
Add missing chan lock in l2cap_ecred_reconf_rsp. Red Hat rates this moderate (CVSS 7.5). Weakness: CWE-416.
pull headers in qdisc_pkt_len_segs_init(). Red Hat rates this important (CVSS 7). Weakness: CWE-131.
A flaw was found in the Linux kernel's WireGuard component. Under heavy network load, particularly when used with Cilium, the threaded NAPI (New API) implementation can cause the decryption side for a WireGuard peer to stop processing traffic. This leads to a complete stall of network communication for that peer, resulting in a Denial of Service (DoS) condition where data cannot be received. Red Hat severity: Moderate — CVSS 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 9.
A flaw was found in the Linux kernel's netfilter logging component. This vulnerability occurs because the system does not properly check if a network packet's Media Access Control (MAC) header is valid before attempting to log it. A local attacker could send a specially crafted network packet, leading to an out-of-bounds read. This could result in the disclosure of sensitive information from kernel memory or cause a system crash, leading to a denial of service. Red Hat severity: Moderate — CVSS 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-125: Out-of-bounds Read. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9.
A flaw was found in the Linux kernel's Bluetooth subsystem. A race condition exists in the handling of the `accept_q` within the `bt_sock_poll()` function due to a lack of synchronization. This could allow a local attacker to cause a denial of service by manipulating socket operations during child teardown, leading to system instability. Red Hat severity: Moderate — CVSS 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-820: Missing Synchronization. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; and 1 more.
A flaw was found in the Linux kernel's `io_uring/poll` component. A logic error exists in the `io_poll_get_ownership()` function due to an incorrect signed comparison. This flaw prevents the necessary slowpath from being triggered when the `IO_POLL_CANCEL_FLAG` is set, potentially leading to unexpected behavior or resource mismanagement within the kernel. Red Hat severity: Moderate — CVSS 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-1024: Comparison of Incompatible Types. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 9.
A flaw was found in the Linux kernel. The `espintcp` component, responsible for handling encrypted network traffic, incorrectly reuses a partial data transmission state. This can lead to an out-of-bounds read, which may allow an attacker to access sensitive information or cause other memory corruption issues. Red Hat severity: Moderate — CVSS 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-125: Out-of-bounds Read. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9.
A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because a queued bridge packet can retain a freed bridge master in its skb->dev field until it is reinjected. When the packet is later reinjected, the system attempts to use the freed bridge master, leading to a use-after-free condition. This can result in system instability or a denial of service. Red Hat severity: Moderate — CVSS 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-911: Improper Update of Reference Count. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9.
A flaw was found in the Linux kernel's netfilter component, which is responsible for network packet filtering. This vulnerability, located in the `xt_policy` module, involves an error in how strict inbound network policies are matched. This could allow an attacker to bypass established security rules, potentially leading to unauthorized network access or unintended exposure of services. The flaw could compromise the effectiveness of network traffic control. Red Hat severity: Moderate — CVSS 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; and 1 more.
A flaw was found in the Linux kernel's Stream Control Transmission Protocol (SCTP) diagnostics. When performing a socket diagnostic (sock_diag) lookup, the system may attempt to access memory related to an SCTP association that has already been freed. This can lead to an out-of-bounds read from unrelated memory, potentially allowing an attacker to access sensitive information or cause a system crash. Red Hat severity: Moderate — CVSS 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-825: Expired Pointer Dereference. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9.
A flaw was found in the Linux kernel's `tun` driver. An unprivileged user can exploit this vulnerability by setting the virtual network (vnet) header size to 24 bytes. This action causes the kernel to copy partially initialized stack memory to userspace when reading non-tunnel packets, leading to the disclosure of 14 bytes of kernel stack memory. This information disclosure could potentially expose sensitive kernel data. Red Hat severity: Moderate — CVSS 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-909: Missing Initialization of Resource. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6.