Lucene search
K

68 matches found

Cvelist
Cvelist
added last week36 views

CVE-2026-29008 U-Boot 2026.04-rc3 Integer Underflow DoS via tcp_rx_state_machine()

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...

8.7CVSS0.00446EPSS
Exploits0References4
Cvelist
Cvelist
added last week36 views

CVE-2026-29007 U-Boot 2026.04-rc3 Out-of-Bounds Read in tcp_rx_state_machine via tcp.c

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...

6.9CVSS0.00472EPSS
Exploits0References4
OSV
OSV
added last week3 views

CVE-2026-29007 U-Boot 2026.04-rc3 Out-of-Bounds Read in tcp_rx_state_machine via tcp.c

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...

6.9CVSS6.1AI score0.00472EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.6 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013442)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013442 advisory. An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of- bounds read and OOPS for SMB2WRITE, when there is a large...

8.1CVSS5.8AI score0.03503EPSS
Exploits0References9
NVD
NVD
added 2026/04/11 1:16 a.m.8 views

CVE-2026-4149

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

10CVSS0.00995EPSS
Exploits0References1
CVE
CVE
added 2026/04/11 12:12 a.m.31 views

CVE-2026-4149

The CVE-2026-4149 entry concerns Sonos Era 300. Affected component: SMB response handling (DataOffset) leading to out-of-bounds memory access and remote code execution. Impact: attacker can run code with kernel context via a network vector without authentication (high/CRITICAL). CVSS data: NVD/3....

10CVSS7.8AI score0.00995EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2026/03/13 4:59 p.m.18 views

curl: SMB READ_ANDX DataOffset not validated

Summary: in smbrequeststate case SMBDOWNLOAD curl reads two server-controlled fields from a READANDX response and uses them to decide where in the receive buffer file data starts. c / lib/smb.c / len = Curlread16leconst unsigned char msg + sizeofstruct smbheader + 11; off = Curlread16leconst...

6.1AI score
Exploits0
Snyk
Snyk
added 2026/03/11 8:39 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing process of Mach-O binaries, specifically when reading size and count fields such as DataSize, DataOffset, Size, Count, and Length without proper validation. An...

6.8CVSS5.8AI score0.001EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/11 7:32 p.m.45 views

CVE-2026-31961 Unbounded memory allocation in Quill via unvalidated size fields in Mach-O binary parsing

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

5.5CVSS0.001EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.10 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: validate the dataoffset and datalength fields of the smbdirectdatatransfer structure. If the dataoffset and datalength fields of the smbdirectdatatransfer structure are invalid, an out-of-bounds issue may occur...

7.1CVSS6.4AI score0.0014EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/25 7:1 p.m.6 views

kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...

5.5CVSS5.7AI score0.0012EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/25 3:20 p.m.3 views

kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...

5.5CVSS5.7AI score0.0012EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/25 2:18 p.m.4 views

kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...

5.5CVSS5.7AI score0.0012EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/25 8:8 a.m.7 views

kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...

5.5CVSS5.7AI score0.0012EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/25 4:10 a.m.3 views

kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...

5.5CVSS5.7AI score0.0012EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/25 12:28 a.m.5 views

kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...

5.5CVSS5.7AI score0.0012EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/25 12:27 a.m.5 views

kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...

5.5CVSS5.7AI score0.0012EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/16 5:51 p.m.2 views

kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...

5.5CVSS5.7AI score0.0012EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/09 9:51 a.m.4 views

kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...

5.5CVSS5.7AI score0.0012EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/02 3:41 p.m.6 views

kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...

5.5CVSS5.7AI score0.0012EPSS
Exploits0References5
Rows per page
Query Builder