Lucene search
K

296 matches found

CVE
CVE
added 2 hours ago37 views

CVE-2026-47703

Summary: CVE-2026-47703 affects AdGuard Home and its DoQ-to-UDP forwarding path. Prior to version 0.107.75, the backend UDP path could collapse the DNS transaction ID (txid) to 0 on client-triggered DoQ queries, reducing the entropy of the backend tuple from (txid, source-port) to only the source...

6.3CVSS6.1AI score0.00047EPSS
Exploits0References1
OSV
OSV
added 5 days ago3 views

CVE-2026-57850 RustDesk before 1.4.9 Missing Session Scope Enforcement Allows Out-of-Scope Control Message Injection

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References6
NVD
NVD
added 2026/06/28 12:16 a.m.14 views

CVE-2026-10643

Zephyr's IP socket recvmsg implementation subsys/net/lib/sockets/socketsinet.c, insertpktinfo validated the user-supplied ancillary msgcontrol buffer using only the payload length msg-msgcontrollen pktinfolen before writing a full control message consisting of an aligned cmsg header plus the...

8.7CVSS0.0012EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.27 views

PT-2026-53076

Name of the Vulnerable Software and Affected Versions Zephyr versions 3.6.0 through 4.4.0 Description An out-of-bounds write exists in the IP socket recvmsg implementation within the insert pktinfo function. The issue occurs because the system validates the user-supplied ancillary msg control...

8.7CVSS6.1AI score0.0012EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/25 11:21 p.m.5 views

kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()

A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...

9.8CVSS5.8AI score0.00255EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 10:55 a.m.9 views

SUSE-SU-2026:2481-1 Security update for openvswitch

This update for openvswitch fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498. - CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing bsc1262499...

8.6CVSS5.8AI score0.00868EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 8:23 a.m.6 views

SUSE-SU-2026:2475-1 Security update for openvswitch

This update for openvswitch fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498. - CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing bsc1262499...

8.6CVSS5.8AI score0.00868EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 2:46 a.m.72 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS6.8AI score0.00563EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/19 7:18 p.m.5 views

CVE-2026-48715

radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, printff copies up to 2032 bytes from attacker-controlled...

7.7CVSS6.1AI score0.00203EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/18 1:51 p.m.2 views

CVE-2026-12539 Docker Sandboxes ICMP egress restriction bypass after daemon restart

Docker Sandboxes sbx blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat...

5.7CVSS6.1AI score0.00097EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/17 9:22 a.m.8 views

kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()

A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...

9.8CVSS5.5AI score0.00255EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 3:16 p.m.14 views

CVE-2026-45536

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, nettyunixsocketrecvFd sets msgcontrol to char controlCMSGSPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCMRIGHTS cmsg carrying two ints has...

4CVSS0.00136EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/10 10:0 p.m.9 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS6.4AI score0.00563EPSS
Exploits0References5
OSV
OSV
added 2026/06/08 11:1 p.m.10 views

GHSA-W573-9FFJ-6FF9 Netty: Unix-socket fd receive leaks descriptors when peer sends two at once

nettyunixsocketrecvFd sets msgcontrol to char controlCMSGSPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCMRIGHTS cmsg carrying two ints has cmsglen = CMSGLEN8 = 24, which fits exactly with no MSGCTRUNC, so the kernel installs both fds in the receiving process. The subsequent che...

4CVSS5.5AI score0.00136EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/08 11:1 p.m.24 views

Netty: Unix-socket fd receive leaks descriptors when peer sends two at once

nettyunixsocketrecvFd sets msgcontrol to char controlCMSGSPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCMRIGHTS cmsg carrying two ints has cmsglen = CMSGLEN8 = 24, which fits exactly with no MSGCTRUNC, so the kernel installs both fds in the receiving process. The subsequent che...

4CVSS5.5AI score0.00136EPSS
Exploits0References5Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7423

Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service device crash when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without...

6.5CVSS5.5AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.12 views

CVE-2026-1681

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

6.1CVSS5.5AI score0.00144EPSS
Exploits1References1
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:3 a.m.10 views

ipv4: icmp: validate reply type before using icmp_pointers

...

8.2CVSS5.4AI score0.00433EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/28 3:53 a.m.15 views

SUSE CVE-2026-46037

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

8.2CVSS5.7AI score0.00433EPSS
Exploits0References18
NVD
NVD
added 2026/05/27 2:17 p.m.12 views

CVE-2026-46103

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

5.5CVSS0.00114EPSS
Exploits0References8
Rows per page
Query Builder