23962 matches found
CVE-2026-42764
Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...
CVE-2026-42764
Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...
CVE-2026-42764
Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-23271: perf: Fix perfeventoverflow vs perfremovefromcontext race bsc1260018. CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261638...
PT-2026-48234
21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...
CVE-2025-55658
GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gfopusparsepacketheader function mediatools/avparsers.c. bThis vulnerability allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
PT-2026-48161
GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf opus parse packet header function media tools/av parsers.c. bThis vulnerability allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
PT-2026-48236
21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...
UBUNTU-CVE-2026-42764
Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...
PT-2026-48240
21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...
CVE-2025-55658
GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gfopusparsepacketheader function mediatools/avparsers.c. bThis vulnerability allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
GHSA-CMM3-54F8-PX4J Netty's Default QUIC token handler accepts any client-supplied token
NoQuicTokenHandler is the tokenHandler used when the application does not set one. Its writeToken returns false server will not send Retry — acceptable, but validateToken unconditionally return 0. In QuicheQuicServerCodec.handlePacket, a non-negative return from validateToken is interpreted as...
CVE-2026-35058
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...
ALPINE-CVE-2026-35058
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...
EUVD-2026-35197
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...
CVE-2026-35058
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...
CVE-2026-35058
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...
CVE-2026-35058
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...
CVE-2026-35058
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...
CVE-2026-49494
Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value taken from the IPv6 fixed header's payload length field by the size of each IPv6 extension header without validating it, so...