Lucene search
+L

869 matches found

nessus
nessus
added 2026/07/09 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-29007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers ...

6.9CVSS6.2AI score0.00472EPSS
Exploits0References3
osv
osv
added 2026/07/08 5:17 p.m.3 views

DEBIAN-CVE-2026-29008

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...

8.7CVSS6.1AI score0.00446EPSS
Exploits0References1
nvd
nvd
added 2026/07/08 5:17 p.m.9 views

CVE-2026-29009

U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfsreadlinkreply net/nfs-common.c when CONFIGCMDNFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfspathbuff buffer by returning multiple relative symlink targets that are appended witho...

8.8CVSS0.00438EPSS
Exploits0References4
osv
osv
added 2026/07/08 5:17 p.m.3 views

DEBIAN-CVE-2026-29007

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...

6.9CVSS6.1AI score0.00472EPSS
Exploits0References1
nvd
nvd
added 2026/07/08 5:17 p.m.8 views

CVE-2026-29007

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...

6.9CVSS0.00472EPSS
Exploits0References4
osv
osv
added 2026/07/08 5:17 p.m.3 views

UBUNTU-CVE-2026-29009

U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfsreadlinkreply net/nfs-common.c when CONFIGCMDNFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfspathbuff buffer by returning multiple relative symlink targets that are appended witho...

8.8CVSS6.2AI score0.00438EPSS
Exploits0References2
osv
osv
added 2026/07/08 5:17 p.m.3 views

UBUNTU-CVE-2026-29008

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...

8.7CVSS6.1AI score0.00446EPSS
Exploits0References2
osv
osv
added 2026/07/08 5:17 p.m.2 views

UBUNTU-CVE-2026-29007

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...

6.9CVSS6.1AI score0.00472EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/08 4:16 p.m.35 views

CVE-2026-29009 U-Boot 2026.04-rc3 Buffer Overflow in nfs_readlink_reply() via NFS READLINK

U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfsreadlinkreply net/nfs-common.c when CONFIGCMDNFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfspathbuff buffer by returning multiple relative symlink targets that are appended witho...

8.8CVSS0.00438EPSS
Exploits0References4
osv
osv
added 2026/07/08 4:16 p.m.4 views

CVE-2026-29009 U-Boot 2026.04-rc3 Buffer Overflow in nfs_readlink_reply() via NFS READLINK

U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfsreadlinkreply net/nfs-common.c when CONFIGCMDNFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfspathbuff buffer by returning multiple relative symlink targets that are appended witho...

8.8CVSS6.2AI score0.00438EPSS
Exploits0References7
cve
cve
added 2026/07/08 4:14 p.m.12 views

CVE-2026-29008

U-Boot 2026.04-rc3 contains a vulnerability in tcp_rx_state_machine() (net/tcp.c) that can crash the bootloader via a malformed TCP SYN+ACK with manipulated data offset, causing payload_len to become negative. The negative value is implicitly converted to a large unsigned integer and passed to me...

8.7CVSS6AI score0.00446EPSS
Exploits0References4
osv
osv
added 2026/07/08 4:14 p.m.4 views

CVE-2026-29008 U-Boot 2026.04-rc3 Integer Underflow DoS via tcp_rx_state_machine()

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...

8.7CVSS6.1AI score0.00446EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/07/08 4:14 p.m.4 views

CVE-2026-29008 U-Boot 2026.04-rc3 Integer Underflow DoS via tcp_rx_state_machine()

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...

8.7CVSS6AI score0.00446EPSS
Exploits0References4
cve
cve
added 2026/07/08 4:11 p.m.11 views

CVE-2026-29007

CVE-2026-29007 affects U-Boot (versions up to 2026.04-rc3) with CONFIG_PROT_TCP enabled. The issue is an out-of-bounds read in tcp_rx_state_machine() (net/tcp.c) triggered by a crafted IP packet whose total length and TCP data offset fields are mismatched, e.g., IP length 40 bytes and TCP header ...

6.9CVSS6AI score0.00472EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/08 4:11 p.m.37 views

CVE-2026-29007 U-Boot 2026.04-rc3 Out-of-Bounds Read in tcp_rx_state_machine via tcp.c

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...

6.9CVSS0.00472EPSS
Exploits0References4
euvd
euvd
added 2026/07/08 4:11 p.m.5 views

EUVD-2026-42328

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...

6.9CVSS6AI score0.00472EPSS
Exploits0References3
osv
osv
added 2026/07/08 4:11 p.m.3 views

CVE-2026-29007 U-Boot 2026.04-rc3 Out-of-Bounds Read in tcp_rx_state_machine via tcp.c

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...

6.9CVSS6.1AI score0.00472EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/07/08 4:11 p.m.4 views

CVE-2026-29007 U-Boot 2026.04-rc3 Out-of-Bounds Read in tcp_rx_state_machine via tcp.c

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...

6.9CVSS6AI score0.00472EPSS
Exploits0References4
nessus
nessus
added 2026/06/24 12:0 a.m.8 views

Debian dla-4642 : u-boot - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4642 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4642-1 [email protected]...

8.8CVSS6AI score0.00598EPSS
Exploits1References7
debian
debian
added 2026/06/23 9:22 p.m.8 views

[SECURITY] [DLA 4642-1] u-boot security update

Debian LTS Advisory DLA-4642-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson June 23, 2026 https://wiki.debian.org/LTS Package : u-boot Version : 2021.01+dfsg-5+deb11u3 2023.01+dfsg-2+deb12u3 CVE ID : CVE-2024-42040 CVE-2026-46728 Debian Bug : 1081557 1136954...

8.2CVSS6AI score0.00598EPSS
Exploits1
Rows per page
Query Builder