Lucene search
K

2561 matches found

Vulnrichment
Vulnrichment
added 2026/07/08 4:14 p.m.4 views

CVE-2026-29008 U-Boot 2026.04-rc3 Integer Underflow DoS via tcp_rx_state_machine()

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...

8.7CVSS6AI score0.00446EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 4:11 p.m.11 views

CVE-2026-29007

CVE-2026-29007 affects U-Boot (versions up to 2026.04-rc3) with CONFIG_PROT_TCP enabled. The issue is an out-of-bounds read in tcp_rx_state_machine() (net/tcp.c) triggered by a crafted IP packet whose total length and TCP data offset fields are mismatched, e.g., IP length 40 bytes and TCP header ...

6.9CVSS6AI score0.00472EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 4:11 p.m.3 views

CVE-2026-29007 U-Boot 2026.04-rc3 Out-of-Bounds Read in tcp_rx_state_machine via tcp.c

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...

6.9CVSS6.1AI score0.00472EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/07 1:42 p.m.9 views

389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

7.6CVSS6.2AI score0.0067EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/07 1:25 p.m.10 views

389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

7.6CVSS6.2AI score0.0067EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/07 1:6 p.m.4 views

389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

7.6CVSS6.2AI score0.0067EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/07 12:0 p.m.4 views

389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

7.6CVSS6.2AI score0.0067EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/30 12:31 a.m.6 views

EUVD-2026-40244

A heap buffer overflow in the TS7Worker::PerformFunctionWrite function /core/s7server.cpp of snap7 v1.4.3 allows attackers to cause a Denial of Service DoS via a crafted packet...

6.5CVSS6AI score0.00303EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 11:16 p.m.11 views

CVE-2026-51218

A heap buffer overflow in the TS7Worker::PerformFunctionWrite function /core/s7server.cpp of snap7 v1.4.3 allows attackers to cause a Denial of Service DoS via a crafted packet...

6.5CVSS0.00303EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-263 NASA AIT-Core vulnerable to remote code execution

An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet...

9.3CVSS6.1AI score0.00438EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/06/29 12:0 a.m.24 views

CVE-2026-51218

A heap buffer overflow in the TS7Worker::PerformFunctionWrite function /core/s7server.cpp of snap7 v1.4.3 allows attackers to cause a Denial of Service DoS via a crafted packet...

0.00303EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:0 a.m.6 views

CVE-2026-51218

A heap buffer overflow in the TS7Worker::PerformFunctionWrite function /core/s7server.cpp of snap7 v1.4.3 allows attackers to cause a Denial of Service DoS via a crafted packet...

6AI score0.00303EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 12:0 a.m.19 views

CVE-2026-51221

CVE-2026-51221 describes a buffer overflow in the Get_Attribute_List() function of the EIPStackGroup OpENer project (commit 76b95c) that can cause a Denial of Service when processing a crafted CPF packet. Affected component is the OpENer EIP stack; the root cause is a buffer overflow in the Get_A...

7.5CVSS6AI score0.00351EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53751

Name of the Vulnerable Software and Affected Versions snap7 version 1.4.3 Description A heap buffer overflow occurs in the TS7Worker::PerformFunctionWrite function located in /core/s7 server.cpp. This issue allows an attacker to trigger a Denial of Service DoS by sending a specially crafted packe...

6.1AI score0.00303EPSS
Exploits0References4
OSV
OSV
added 2026/06/17 8:17 p.m.4 views

ALPINE-CVE-2026-55200

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on packetlength field. Remote attackers can send crafted SSH packets with excessively large packetlength values to corrupt heap memory and achieve...

8.3CVSS6.2AI score0.00732EPSS
Exploits11References1
Debian CVE
Debian CVE
added 2026/06/15 7:10 p.m.8 views

CVE-2026-52721

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...

5.3CVSS5.5AI score0.00107EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/12 7:56 p.m.9 views

kernel: netfilter: xt_tcpmss: check remaining length before reading optlen

A flaw was found in the Linux kernel, specifically within the netfilter: xttcpmss module. A remote attacker could exploit this vulnerability by sending a specially crafted TCP packet. The TCP option parser does not properly validate the remaining option length, which results in an out-of-bounds...

8.2CVSS5.5AI score0.00463EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.13 views

CVE-2026-29116

A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service...

8.7CVSS5.4AI score0.00395EPSS
Exploits3References1
CVE
CVE
added 2026/06/10 9:4 p.m.25 views

CVE-2026-11604

CVE-2026-11604 concerns OpenVPN ovpn-dco-win, where an incorrect buffer size calculation in the epoch key generator (versions 2.0.0–2.8.3) can be abused by a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, causing a denial ...

5.6CVSS5.9AI score0.00148EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 7:16 a.m.17 views

CVE-2026-29115

A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service...

6.9CVSS0.00362EPSS
Exploits2References1
Rows per page
Query Builder