53 matches found
CVE-2026-51541
OpENer 2.3.0 (commit 76b95cf) is affected by CVE-2026-51541 due to an out-of-bounds read in CIP message parsing when processing malformed explicit requests with a forged EPath size. An ENIP SendRRData frame carrying a short CIP payload with a larger declared path_size can cause the parser to cont...
Linux Distros Unpatched Vulnerability : CVE-2026-40208
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame. CVE-2026-40208 Note that Nessus relies...
CVE-2026-40208
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...
CVE-2026-40208
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...
CVE-2026-40208 Denial of service via DoH3 queries
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...
EUVD-2026-39347
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...
CVE-2026-40208
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...
CVE-2026-10766 mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...
Astra Linux – Vulnerability in Jetty9
In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, and =12.1.0alpha2, an HTTP/2 client may trigger the server to send RSTSTREAM frames. This can happen by sending frames that are malformed or should not be sent under certain stream conditions, thereby forcing the server to consume...
nginx: Fix of 5 CVEs
CVE-2017-7529: fix integer overflow in range filter - CVE-2018-16843: fix excessive memory consumption in HTTP/2 - CVE-2018-16844: fix excessive CPU usage in HTTP/2 - CVE-2019-9511: fix excessive memory growth via HTTP/2 DATA frame manipulation - CVE-2019-9513: fix excessive CPU usage via HTTP/2...
CLSA-2026-1776791510 nginx: Fix of 5 CVEs
CVE-2017-7529: fix integer overflow in range filter - CVE-2018-16843: fix excessive memory consumption in HTTP/2 - CVE-2018-16844: fix excessive CPU usage in HTTP/2 - CVE-2019-9511: fix excessive memory growth via HTTP/2 DATA frame manipulation - CVE-2019-9513: fix excessive CPU usage via HTTP/2...
CLSA-2026-1776791328 nginx: Fix of 5 CVEs
CVE-2017-7529: fix integer overflow in range filter - CVE-2018-16843: fix excessive memory consumption in HTTP/2 - CVE-2018-16844: fix excessive CPU usage in HTTP/2 - CVE-2019-9511: fix excessive memory growth via HTTP/2 DATA frame manipulation - CVE-2019-9513: fix excessive CPU usage via HTTP/2...
EUVD-2026-19337
Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection...
CVE-2026-21381 Buffer Over-read in WLAN Firmware
Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection...
CVE-2026-21381
CVE-2026-21381 is described in connected records as a buffer over-read in WLAN firmware causing a transient denial-of-service when a service data frame with excessive length is processed during device matching over a neighborhood awareness network protocol. This CVE is associated with WLAN firmwa...
UBUNTU-CVE-2026-32314
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new...
EUVD-2026-12095
Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145...
Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145
Summary The Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new inbound stream, stream state is created and a receiver is queued before oversized-body validati...
GHSA-VXX9-2994-Q338 Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145
Summary The Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new inbound stream, stream state is created and a receiver is queued before oversized-body validati...
CVE-2026-32314
CVE-2026-32314 affects the Rust Yamux implementation prior to 0.13.10. A crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT_CREDIT (e.g., 262145) can cause a panic. On the first packet of a new inbound stream, a receiver is queued before oversized-body validation...