3533 matches found
ThinkCMF X2.2.2 - Remote Code Execution
ThinkCMF X2.2.2 and below contain a remote code execution caused by processing crafted packets, letting attackers execute arbitrary code remotely, exploit requires sending malicious packets. id: CVE-2020-20601 info: name: ThinkCMF X2.2.2 - Remote Code Execution author: pikpikcu severity: critical...
Cisco Unified IP Conference Station 7937G - Denial-of-Service
Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned...
CVE-2026-15169
A flaw was found in Wireshark. This vulnerability allows a remote attacker to cause a denial of service DoS by sending a specially crafted Universal Mobile Telecommunications System UMTS FP protocol packet. The flaw resides in the UMTS FP protocol dissector, which can lead to a crash of the...
CVE-2026-15166
A flaw was found in Wireshark, a network protocol analyzer. An attacker could exploit this vulnerability by sending a specially crafted network packet, which would cause the IEEE 802.11 protocol dissector to crash. This issue results in a denial of service, making the Wireshark application...
CVE-2026-29007
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...
freerdp: FreeRDP: Arbitrary code execution via crafted RDPGFX PDUs
A heap-buffer-overflow vulnerability exists in FreeRDP when handling Remote Desktop Protocol Graphics RDPGFX. A malicious or compromised RDP server can exploit this flaw by sending specially crafted graphics packets to a connected client, potentially crashing the client application Denial of...
OESA-2026-2807 radvd security update
The router advertisement daemon radvd is run by Linux or BSD systems acting as IPv6 routers. It sends Router Advertisement messages, specified by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message. These messages are required for IPv6...
kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()
A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...
CVE-2026-53091
A flaw was found in the Linux kernel's handling of Generic Segmentation Offload GSO packet headers. This vulnerability occurs when the qdiscpktlensegsinit function does not properly pull headers into the expected memory location, which can lead to incorrect processing by network drivers. A remote...
kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets
A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...
ROS-20260615-73-0041
The vulnerability of the yuvensurebuffer function in the RDP client FreeRDP is related to incorrect calculations of the size of the buffer allocated. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted NAL packets...
CVE-2026-11774
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...
CVE-2026-11774
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...
CVE-2026-29115
A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service...
CVE-2026-29116
A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service...
CVE-2026-29115
A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service...
MGASA-2026-0183 Updated freeciv packages fix security vulnerabilities
CVE-2026-33250, freeciv crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player's machine...
Updated freeciv packages fix security vulnerabilities
CVE-2026-33250, freeciv crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player's machine...
Dahua多款产品 安全漏洞
Dahua SD, among others, are products of China’s Dahua Corporation. Dahua SD is a series of cloud-based tabletop cameras. Dahua NVR is a series of network video recorders. Dahua XVR is a series of devices capable of recording and displaying high-definition and IP cameras. Several Dahua products ha...
Palo Alto Networks PAN-OS 代码问题漏洞
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a code vulnerability in Palo Alto Networks PAN-OS, which stems from memory corruption during tunnel traffic processing. This vulnerability could allow authenticated users to initiat...