Lucene search
K

719 matches found

OSV
OSV
added 5 days ago3 views

EEF-CVE-2026-54887 DTLS server cookie bypass during startup window due to empty initial cookie secret

Summary Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtls\server\connection:initial\hello/3 initializes previous\cookie\secret...

6.3CVSS5.8AI score0.00389EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-55282

Name of the Vulnerable Software and Affected Versions Eclipse Wakaama versions prior to snapshot/2026-05-26 Description An unbounded memory allocation issue exists in the CoAP Block1 handler within the coap/block.c file. Unauthenticated remote attackers can cause a denial of service by sending a...

8.7CVSS6.2AI score0.00555EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54076

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in the QUIC protocol implementation. This allows a remote attacker to potentially exploit heap corruption by sending malicious network traffic. Use after...

9.6CVSS6AI score0.00413EPSS
Exploits0References441
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:10 a.m.7 views

udp: clear skb->dev before running a sockmap verdict

...

7.5CVSS5.8AI score0.00506EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/25 11:8 p.m.7 views

CVE-2026-53070

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP over User Datagram Protocol UDP implementation. An issue with managing the transmission context across different processing units could lead to incorrect recursion level detection. This can cause network packets to b...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 8:39 a.m.5 views

EUVD-2026-39326

In the Linux kernel, the following vulnerability has been resolved: net: add pskbmaypull to skbgroreceivelist skbgroreceivelist calls skbpullskb, skbgrooffsetskb without first ensuring the data is in the linear area via pskbmaypull. When the skb arrives via napigrofrags, skbheadlen can be 0 all...

5.7AI score0.00466EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 8:38 a.m.11 views

CVE-2026-53184

The CVE-2026-53184 issue affects the Linux kernel UDP sockmap path. On UDP receive, skb->dev is repurposed as dev_scratch; when a SK_SKB verdict program uses BPF socket-lookup helpers (bpf_sk_lookup_tcp/udp, bpf_skc_lookup_tcp), skb->dev may still hold the dev_scratch value, and dev_net(skb...

7.5CVSS5.7AI score0.00506EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.6 views

CVE-2026-53184

In the Linux kernel, the following vulnerability has been resolved: udp: clear skb-dev before running a sockmap verdict On the UDP receive path skb-dev is repurposed as devscratch the truesize/state cache set by udpsetdevscratch, through the union struct netdevice dev; unsigned long devscratch; i...

7.5CVSS5.7AI score0.00506EPSS
Exploits0
NVD
NVD
added 2026/06/24 5:17 p.m.7 views

CVE-2026-53070

In the Linux kernel, the following vulnerability has been resolved: sctp: disable BH before calling udptunnelxmitskb udptunnelxmitskb / udptunnel6xmitskb are expected to run with BH disabled. After commit 6f1a9140ecda "add xmit recursion limit to tunnel xmit functions", on the path:...

7.5CVSS0.0035EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 5:17 a.m.7 views

CVE-2026-12847

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS0.00427EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 5:17 a.m.8 views

CVE-2026-12848

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS0.00427EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 5:17 a.m.16 views

CVE-2026-12485

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS0.00436EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:34 a.m.32 views

CVE-2026-12485 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS0.00436EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51657

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default and listens for UDP messages on port 10001, contains a stack-based buffer overflow. The issue occurs when the server processes...

10CVSS6.8AI score0.00427EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51658

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default on UDP port 10001, processes unauthenticated discovery and configuration messages. A stack-based buffer overflow occurs because th...

10CVSS6.7AI score0.00427EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: UDP: The auto-bound connected sockets’ hash values are unhashed when they are disconnected from the network. Suppose we bind an UDP socket to a wildcard address with a non-zero port, then connect it to a specific address, and lat...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - UDP: Fixed a race condition between close and udpabort. - Kaustubh reported and diagnosed a panic condition in udpliblookup. The root cause is that udpabort is racing with close. Both functions attempt to acquire the socket...

4.7CVSS6AI score0.00179EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in dnsmasq

A issue was discovered in Dnsmasq before version 2.90. The default maximum EDNS.0 UDP packet size was set to 4096, but it should be 1232 due to DNS Flag Day 2020...

7.5CVSS7.1AI score0.01334EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: nbd: restricts sockets to TCP and UDP Recently, syzbot began abusing NBD using various types of sockets. The commit cf1b2326b734 “nbd: verify that sockets are supported during setup” ensured that the socket supported a shutdown...

5.9AI score0.00183EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Memcached

Memcached 1.6.7 allows a Denial of Service attack through multi-packet uploads in UDP...

7.5CVSS6.5AI score0.00912EPSS
Exploits0References1
Rows per page
Query Builder