Lucene search
K

727 matches found

NVD
NVD
added 2026/04/22 2:16 p.m.6 views

CVE-2026-31503

In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict check when using hash2 When binding a udpsock to a local address and port, UDP uses two hashes udptable-hash and udptable-hash2 for collision detection. The current code switches to "hash2" when...

5.5CVSS0.00123EPSS
Exploits0References8
OSV
OSV
added 2026/04/22 2:16 p.m.5 views

UBUNTU-CVE-2026-33602

A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service...

8.2CVSS5.8AI score0.00731EPSS
Exploits0References3
CVE
CVE
added 2026/04/22 1:54 p.m.31 views

CVE-2026-31503

CVE-2026-31503 concerns a Linux kernel UDP hash2-based wildcard-bind conflict check that can miss an in-use port when many sockets bind to the same port. The issue arises because UDP uses two hashes (hash and hash2) for collision detection and switches to hash2 only when hslot->count > 10, ...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/04/22 1:45 p.m.32 views

CVE-2026-33602 Off-by-one access when processing crafted UDP responses

A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service...

6.5CVSS0.00731EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/22 1:45 p.m.7 views

CVE-2026-33602

A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service...

8.2CVSS5.3AI score0.00731EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/22 1:45 p.m.4 views

CVE-2026-33602

A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service...

8.2CVSS5.7AI score0.00731EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/22 10:32 a.m.8 views

CVE-2026-5358

No description is available for this CVE. Mitigation To mitigate this issue, ensure that Network Information Service NIS is not in use on affected systems. NIS is an obsolete service and its use is deprecated in modern Red Hat Enterprise Linux environments. If NIS is not required, disable any...

5.2AI score0.0004EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34444

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A rogue backend can send a crafted UDP response with a query ID off by one relative to the maximum configured value. This triggers an out-of-bounds write, which ...

8.2CVSS5.4AI score0.00731EPSS
Exploits0References48
RedhatCVE
RedhatCVE
added 2026/04/21 7:27 p.m.5 views

CVE-2026-40613

A flaw was found in coturn, an open-source implementation of TURN and STUN servers. Unsafe pointer casts in the STUN Session Traversal Utilities for NAT and TURN Traversal Using Relays around NAT attribute parsing functions can lead to misaligned memory reads. An unauthenticated remote attacker c...

7.5CVSS5.8AI score0.01123EPSS
Exploits1References2
OSV
OSV
added 2026/04/21 9:0 a.m.3 views

DEBIAN-CVE-2026-5358

The obsolete nislocalprincipal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application...

5.9AI score0.0004EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013286)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013286 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. syzkaller reported 0 memory leak...

5.5CVSS5.7AI score0.00149EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/04/20 8:37 p.m.7 views

CVE-2026-5358

Removed by vendor...

5.7AI score0.0004EPSS
Exploits0
OSV
OSV
added 2026/04/16 10:22 a.m.6 views

SUSE-SU-2026:1394-1 Security update for corosync

This update for corosync fixes the following issues: - CVE-2026-35091: Denial of Service and information disclosure via crafted UDP packet bsc1261299. - CVE-2026-35092: Denial of Service via integer overflow in join message validation bsc1261300...

8.2CVSS5.8AI score0.00994EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.5 views

Amazon Linux 2023 : corosync, corosync-vqsim, corosynclib (ALAS2023-2026-1560)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1560 advisory. A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially craft...

8.2CVSS5.9AI score0.00994EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2026/04/03 8:19 p.m.1 views

CVE-2020-37216

Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a...

8.7CVSS6AI score0.00921EPSS
Exploits0References4Affected Software1
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.160 views

HTTP Fetch, Windows Upload/Execute, Reverse UDP Stager with UUID Support

Fetch and execute an x86 payload from an HTTP server. Uploads an executable and runs it staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/http/x86/upexec/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION ms...

6AI score
Exploits0
EUVD
EUVD
added 2026/04/01 3:31 p.m.3 views

EUVD-2026-17881

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol UDP packets. This can cause the service to crash, leading to a denial of service. This vulnerability...

7.5CVSS5.9AI score0.00994EPSS
Exploits1References4
OSV
OSV
added 2026/04/01 2:16 p.m.2 views

DEBIAN-CVE-2026-35091

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol UDP packet. This can lead to an out-of-bounds read, causing a denial of service...

8.2CVSS5.8AI score0.00867EPSS
Exploits1References1
OSV
OSV
added 2026/04/01 2:16 p.m.3 views

DEBIAN-CVE-2026-35092

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol UDP packets. This can cause the service to crash, leading to a denial of service. This vulnerability...

7.5CVSS5.3AI score0.00994EPSS
Exploits1References1
NVD
NVD
added 2026/04/01 2:16 p.m.5 views

CVE-2026-35091

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol UDP packet. This can lead to an out-of-bounds read, causing a denial of service...

8.2CVSS0.00867EPSS
Exploits1References17
Rows per page
Query Builder