Lucene search
+L

96 matches found

OSV
OSV
added 2026/07/09 12:54 p.m.4 views

OESA-2026-2956 nmap security update

Nmap "Network Mapper" is a free and open source license utility for network discovery and security \ auditing. It was designed to rapidly scan large networks, but works fine against single hosts. Security Fixes: Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured...

6.9CVSS6.7AI score0.00278EPSS
Exploits0References2
OSV
OSV
added 2026/07/09 12:54 p.m.3 views

OESA-2026-2955 nmap security update

Nmap "Network Mapper" is a free and open source license utility for network discovery and security \ auditing. It was designed to rapidly scan large networks, but works fine against single hosts. Security Fixes: Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured...

6.9CVSS6.2AI score0.00278EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/30 1:42 a.m.6 views

SUSE CVE-2026-58058

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...

6.9CVSS5.9AI score0.00278EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 2:41 p.m.11 views

CVE-2026-58058

A flaw was found in Nmap. A remote attacker or a scanned target can send a specially crafted IPv6 response with a truncated extension header. This can lead to an integer underflow, causing out-of-bounds reads and a denial of service DoS due to a crash during raw IPv6 scans. Mitigation Mitigation...

6.9CVSS5.7AI score0.00278EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2026/06/29 8:6 a.m.7 views

Nmap - Integer Underflow in IPv6 Extension Header Parsing

...

6.9CVSS5.9AI score0.00278EPSS
Exploits0
NVD
NVD
added 2026/06/28 2:16 a.m.10 views

CVE-2026-58058

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...

6.9CVSS0.00278EPSS
Exploits0References4
OSV
OSV
added 2026/06/28 2:16 a.m.3 views

UBUNTU-CVE-2026-58058

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...

6.9CVSS5.9AI score0.00278EPSS
Exploits0References6
CVE
CVE
added 2026/06/28 1:32 a.m.35 views

CVE-2026-58058

CVE-2026-58058 : Nmap up to 7.99 is affected by an integer underflow in IPv6 extension-header parsing (ipv6_get_data_primitive in libnetutil/netutil.cc). A crafted or truncated IPv6 extension header returned by a scanned target or on-path attacker can cause the remaining-length to underflow to a ...

6.9CVSS5.9AI score0.00278EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/28 1:32 a.m.11 views

EUVD-2026-39978

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...

6.9CVSS5.9AI score0.00278EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/28 1:32 a.m.8 views

CVE-2026-58058

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...

6.9CVSS5.9AI score0.00278EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/28 1:32 a.m.8 views

CVE-2026-58058

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...

6.9CVSS5.9AI score0.00278EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.39 views

CVE-2026-58058 Nmap - Integer Underflow in IPv6 Extension Header Parsing

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...

6.9CVSS0.00278EPSS
Exploits0References4
OSV
OSV
added 2026/06/28 1:32 a.m.1 views

CVE-2026-58058 Nmap - Integer Underflow in IPv6 Extension Header Parsing

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...

6.9CVSS6.8AI score0.00278EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52313

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter module where the nft exthdr init function passes a user-controlled priv-len variable to nft parse register store, which marks a specific number of bytes ...

5.5CVSS6AI score0.00128EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-53090

Name of the Vulnerable Software and Affected Versions Nmap versions 7.0.0 through 7.99 Description An issue exists in the ipv6 get data primitive function libnetutil/netutil.cc where the IPv6 extension-header walk is not kept within the captured packet. This causes the pointer to advance past the...

6.9CVSS6.6AI score0.00278EPSS
Exploits0References10
OSV
OSV
added 2026/05/29 7:16 p.m.40 views

GHSA-3PV8-6F4R-FFG2 tar has a PAX header desynchronization issue

Summary When a tar stream contains multiple "header" entries prior to a file entry, tar-rs applies the PAX header x to the next entry in the stream, regardless of type. For example, a stream of x - L - file PAX, GNU longname, file would result in x's extensions being applied to L rather than to...

5.8AI score
Exploits0References5
Snyk
Snyk
added 2026/05/06 11:5 p.m.69 views

Memory Allocation with Excessive Size Value

Overview Nerdbank.MessagePack is an A modern, fast and NativeAOT-compatible MessagePack serialization library Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value the TryRead timestamp decoder in MessagePackPrimitives.Readers.cs. An attacker can crash...

8.7CVSS5.8AI score0.00358EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:33 a.m.3 views

CVE-2026-31405

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

5.7AI score0.0055EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/04/06 7:33 a.m.53 views

CVE-2026-31405

CVE-2026-31405 : Linux kernel media/dvb-net vulnerability — OOB read in ULE extension header tables due to 255-element lookup arrays; bounds check added for htype to ensure out-of-range SNDU is discarded. This resolves a kernel-wide issue and is reflected in OSV advisories (e.g., Root: Debian 11/...

9.8CVSS5.7AI score0.0055EPSS
Exploits0References8Affected Software1
UbuntuCve
UbuntuCve
added 2026/04/06 12:0 a.m.6 views

CVE-2026-31405

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

9.8CVSS5.7AI score0.0055EPSS
Exploits0References8
Rows per page
Query Builder