Lucene search
+L

826 matches found

RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-53366

A flaw was found in the Linux kernel's handling of IPv4 network packets. An error in how the kernel accounts for fragmented data during memory allocation can lead to an undersized memory buffer. This memory handling issue could potentially be exploited by a remote attacker to cause a system crash...

7.8CVSS5.4AI score0.00191EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-62389

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments,...

8.7CVSS6.1AI score0.0045EPSS
Exploits0References3
NVD
NVD
added 4 days ago5 views

CVE-2026-62389

ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...

8.7CVSS0.0045EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-44729

ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...

8.7CVSS6.1AI score0.0045EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-62389 ws < 8.21.1 Default maxFragments Allows Memory Exhaustion DoS

ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...

8.7CVSS0.0045EPSS
Exploits0References4
CVE
CVE
added 4 days ago7 views

CVE-2026-62389

CVE-2026-62389 affects the ws WebSocket library up to version 8.21.0 (pre-8.21.1). Root cause: in lib/receiver.js, the fragment guard only triggers when fragment count reaches maxFragments, allowing memory exhaustion by sending incomplete fragmented messages; each fragment is stored as a separate...

8.7CVSS6.1AI score0.0045EPSS
Exploits0References4
OSV
OSV
added 4 days ago4 views

CVE-2026-62389 ws < 8.21.1 Default maxFragments Allows Memory Exhaustion DoS

ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...

8.7CVSS6.1AI score0.0045EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53365

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock/virtio: fix zerocopy completion for multi-skb sends When a large message is fragmented into multiple skbs, the zerocopy uarg is only allocated and attache...

6.1AI score0.00155EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/09 3:29 p.m.4 views

netty-transport-sctp: Netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments

A flaw was found in netty-transport-sctp. A remote attacker can exploit this vulnerability by sending specially crafted, non-complete Stream Control Transmission Protocol SCTP message fragments. This can lead to unbounded memory growth within the application, causing a Denial of Service DoS...

7.5CVSS6AI score0.0038EPSS
Exploits0References7
NVD
NVD
added 2026/07/01 3:17 p.m.11 views

CVE-2026-6685

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority following a notification that the vulnerability determination was made in error. After review, the CNA confirmed the erroneous finding. Thanks to David Brown for reaching out about this issue...

0.00205EPSS
Exploits1
Cvelist
Cvelist
added 2026/07/01 1:47 p.m.36 views

CVE-2026-6685

...

0.00205EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/07/01 1:47 p.m.6 views

CVE-2026-6685

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority following a notification that the vulnerability determination was made in error. After review, the CNA confirmed the erroneous finding. Thanks to David Brown for reaching out about this issue...

6.1CVSS6.1AI score0.00205EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/07/01 1:47 p.m.7 views

CVE-2026-6685

...

6.2AI score0.00205EPSS
Exploits1
EUVD
EUVD
added 2026/07/01 1:47 p.m.7 views

EUVD-2026-40996

FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in fread / fwrite fp-sect - sect cc during interleaved read/write on fragmented filesystems. This maps to CWE-191 Integer Underflow. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 6.1...

6.1CVSS5.8AI score0.00205EPSS
Exploits1References4
CVE
CVE
added 2026/07/01 1:47 p.m.42 views

CVE-2026-6685

CVE-2026-6685 refers to an Integer Underflow in FatFs during dirty-sector cache flush when handling fragmented volumes. Affected software is FatFs R0.16 and earlier; the issue arises from an unsigned-subtraction wrap in cache handling (fp-&gt;sect vs. sect) during interleaved read/write, which ca...

6.1AI score0.00205EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.14 views

PT-2026-54927

Name of the Vulnerable Software and Affected Versions FatFs versions R0.16 and earlier Description An integer underflow occurs during interleaved read and write operations on fragmented filesystems. This issue is caused by an unsigned-subtraction wrap in the f read and f write functions when...

6.1CVSS6.1AI score0.00205EPSS
Exploits1References7
NVD
NVD
added 2026/06/29 8:17 p.m.10 views

CVE-2026-13762

Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue was...

9.8CVSS0.00438EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:3 p.m.7 views

CVE-2026-13763

Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This iss...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.7 views

PT-2026-53691

Name of the Vulnerable Software and Affected Versions Amazon CloudFront affected versions not specified Description An inconsistent interpretation of HTTP/2 requests in Amazon CloudFront when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. This occurs through...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References8
NVD
NVD
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53151

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for parsing Fix modification of the received skbuff in rxrpcinputsoftacks and a potential incorrect access of the buffer in a fragmented UDP packet the packet would probably hav...

9.8CVSS0.00497EPSS
Exploits0References5
Rows per page
Query Builder