Lucene search
K

54 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-10660

The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bapbroadcastassistant.c reassembled remote Broadcast Receive State data into a single file-static netbufsimple attbuf, BTATTMAXATTRIBUTELEN = 512 bytes shared by all connection instances, while the BUSY flag, long-read...

6.4CVSS0.00159EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-10660 Shared reassembly buffer in Bluetooth BAP Broadcast Assistant enables cross-connection memory corruption

The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bapbroadcastassistant.c reassembled remote Broadcast Receive State data into a single file-static netbufsimple attbuf, BTATTMAXATTRIBUTELEN = 512 bytes shared by all connection instances, while the BUSY flag, long-read...

6.4CVSS0.00159EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-10660 Shared reassembly buffer in Bluetooth BAP Broadcast Assistant enables cross-connection memory corruption

The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bapbroadcastassistant.c reassembled remote Broadcast Receive State data into a single file-static netbufsimple attbuf, BTATTMAXATTRIBUTELEN = 512 bytes shared by all connection instances, while the BUSY flag, long-read...

6.4CVSS6.2AI score0.00159EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 5:18 a.m.6 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak p...

9.1CVSS6.1AI score0.00533EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/25 10:18 p.m.11 views

EUVD-2026-31397

golang.org/x/crypto/ssh: Invoking client can cause server deadlock on unexpected responses...

9.1CVSS5.8AI score0.00533EPSS
Exploits0References7
NVD
NVD
added 2026/06/15 4:16 p.m.13 views

CVE-2026-10634

Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...

5.3CVSS0.00274EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.9 views

CVE-2026-39830

A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak p...

9.1CVSS5.5AI score0.00533EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.18 views

CVE-2026-46416

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in...

6.3CVSS5.5AI score0.00276EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:56 p.m.11 views

CVE-2026-46416

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 9:56 p.m.32 views

CVE-2026-46416

Microsoft UFO (open-source framework for intelligent automation) in version 3.0.1-4-ge2626659 uses a single shared UFOWebSocketHandler instance for multiple authenticated WebSocket connections. The handler caches per-connection protocol objects in mutable fields, and each new connection overwrite...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:56 p.m.12 views

EUVD-2026-32676

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-44120

Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description Microsoft UFO creates a single shared UFOWebSocketHandler instance that is reused across multiple authenticated WebSocket connections. The handler stores protocol objects for each connection ...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References3
NVD
NVD
added 2026/05/22 4:16 a.m.18 views

CVE-2026-39830

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

9.1CVSS0.00533EPSS
Exploits0References28
OSV
OSV
added 2026/05/22 2:31 a.m.1 views

CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

9.1CVSS6AI score0.00533EPSS
Exploits0References31
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.11 views

PT-2026-42709

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A malicious SSH peer can send unsolicited global request responses to fill an internal buffer, which blocks the connection's read loop. This prevents the blocked...

9.8CVSS5.8AI score0.00533EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/19 9:10 a.m.11 views

libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/07 3:43 a.m.20 views

EUVD-2026-26715

Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion...

8.7CVSS5.8AI score0.00549EPSS
Exploits0References5
OSV
OSV
added 2026/04/27 6:33 p.m.10 views

JLSEC-2026-260 Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a...

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and...

5.9CVSS5.8AI score0.00403EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/04/25 1:40 a.m.4 views

SUSE CVE-2026-31537

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.sendio.bcredits It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immendiate empty send. In order to fix this we'll have a single...

5.5CVSS5.6AI score0.00121EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/24 2:30 p.m.7 views

EUVD-2026-25430

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.sendio.bcredits It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immendiate empty send. In order to fix this we'll have a single...

5.5AI score0.00121EPSS
Exploits0References3
Rows per page
Query Builder