Lucene search
K

225 matches found

CVE
CVE
added 6 days ago10 views

CVE-2026-29008

U-Boot 2026.04-rc3 contains a vulnerability in tcp_rx_state_machine() (net/tcp.c) that can crash the bootloader via a malformed TCP SYN+ACK with manipulated data offset, causing payload_len to become negative. The negative value is implicitly converted to a large unsigned integer and passed to me...

8.7CVSS6AI score0.00432EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.7 views

CVE-2026-53151

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for parsing Fix modification of the received skbuff in rxrpcinputsoftacks and a potential incorrect access of the buffer in a fragmented UDP packet the packet would probably hav...

9.8CVSS5.9AI score0.00497EPSS
Exploits0
CVE
CVE
added 2026/06/25 8:38 a.m.18 views

CVE-2026-53151

CVE-2026-53151 concerns the Linux kernel AF_RXRPC subsystem, where legacy parsing of the SACK table could trigger an invalid buffer access when processing fragmented UDP packets. The fix updates rxrpc_input_soft_acks() and rxrpc_input_ack() logic so that SACK contents are not copied into a flat b...

9.8CVSS6AI score0.00497EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52587

Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.9.1 Description A heap buffer overflow occurs in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The issue stems from an integer truncation when calculating the length of the ACK...

8.8CVSS6AI score0.00385EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51724

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the functions batadv tp recv ack and batadv tp stop incorrectly process tp vars when the role is set to BATADV TP RECEIVER. In this state,...

9.8CVSS5.7AI score0.00404EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2026/05/29 10:17 p.m.21 views

stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment

Impact A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded. Patches Patched in 0.9.0a2. Disabling plugin signatur...

5.9AI score
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/29 10:17 p.m.6 views

GHSA-W7PM-9G55-MXFM stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment

Impact A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded. Patches Patched in 0.9.0a2. Disabling plugin signatur...

7.3CVSS5.9AI score
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed the missing initialization of the mrioc-evtackcmds array. The commit c1af985d27da “scsi: mpi3mr: Add Event acknowledgment logic” introduced an array mrioc-evtackcmds, but the initialization of its elements was...

5.3AI score0.00166EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: Use OPTIONMPTCPMPJSYNACK in subflowfinishconnect subflowfinishconnect uses four fields backup, joinid, thmac, none that may contain garbage unless OPTIONMPTCPMPJSYNACK has been set in mptcpparseoption...

5.5CVSS6.1AI score0.00219EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-31662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tipc: fix bcackers underflow on duplicate GRPACKMSG The GRPACKMSG handler in tipcgroupprotorcv currently decrements bcackers on every inbound group ACK, even wh...

7.5CVSS6AI score0.00389EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/25 1:36 a.m.13 views

SUSE CVE-2026-31662

In the Linux kernel, the following vulnerability has been resolved: tipc: fix bcackers underflow on duplicate GRPACKMSG The GRPACKMSG handler in tipcgroupprotorcv currently decrements bcackers on every inbound group ACK, even when the same member has already acknowledged the current broadcast...

7.5CVSS5.5AI score0.00389EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.8 views

PT-2026-35014

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The GRP ACK MSG handler in the tipc group proto rcv function decrements the bc ackers variable on every inbound group ACK, including duplicate ACKs from members who have already...

7.5CVSS5.2AI score0.00389EPSS
Exploits0
EUVD
EUVD
added 2026/04/10 12:30 a.m.7 views

EUVD-2026-21214

Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow...

8.3CVSS6.4AI score0.00446EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 10:16 p.m.6 views

UBUNTU-CVE-2026-5264

Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow...

9.8CVSS6.2AI score0.00446EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 9:43 p.m.48 views

CVE-2026-5264

CVE-2026-5264 describes a heap buffer overflow in DTLS 1.3 ACK message processing. The vulnerability can be triggered by a remote attacker that sends a crafted DTLS 1.3 ACK message, potentially enabling high-impact outcomes as reflected by the associated CVSS metrics (NVD: AV:N/AC:L/PR:N/UI:N/S:U...

9.8CVSS6.4AI score0.00446EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/09 9:43 p.m.10 views

CVE-2026-5264

Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow...

9.8CVSS5.8AI score0.00446EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

OpenSSH 安全漏洞

OpenSSH OpenBSD Secure Shell is a set of open-source tools developed by OpenBSD in Canada, designed for secure access to remote computers. This tool is an open-source implementation of the SSH protocol, supporting encryption of all transmissions. It effectively prevents eavesdropping, connection...

2.5CVSS5.9AI score0.0013EPSS
Exploits0References3
CVE
CVE
added 2026/03/26 6:9 a.m.19 views

CVE-2026-4247

CVE-2026-4247 affects FreeBSD TCP implementations (bases: 14.x, 15.x/releng) where, when a challenge ACK should be sent, tcp_respond() consumes the mbuf and can leak the mbuf if no ACK is sent. An attacker on-path or able to establish a TCP connection can craft packets that trigger a challenge AC...

7.5CVSS5.7AI score0.01121EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.11 views

FreeBSD 安全漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from the tcprespond function returning and leaking the mbuf when an ACK should not be sent. This vulnerability could allow attackers to exploit the system by...

7.5CVSS5.8AI score0.01121EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/03/25 12:0 a.m.8 views

FreeBSD -- TCP: remotely exploitable DoS vector (mbuf leak)

Problem Description: When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. Impact: If an attacker is either on path with an established TCP...

7.5CVSS5.7AI score0.01121EPSS
Exploits0
Rows per page
Query Builder