Lucene search
K

946 matches found

RedHat Linux
RedHat Linux
added yesterday2 views

gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

9.1CVSS5.7AI score0.00805EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday31 views

Solara <1.35.1 - Local File Inclusion

A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...

8.6CVSS7.5AI score0.02884EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 3 days ago3 views

gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5CVSS6.1AI score0.01263EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago3 views

gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

9.1CVSS5.7AI score0.00805EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago6 views

gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5CVSS6.1AI score0.01263EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago4 views

gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

9.1CVSS5.7AI score0.00805EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago4 views

gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5CVSS6.1AI score0.01263EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 6 days ago7 views

CVE-2026-53109

A flaw was found in the Linux kernel's powerpc page table fragment handling. During process exit, a race condition can occur where a page table fragment's active flag is not properly cleared. This can lead to a "bad page state" error, potentially causing system instability or a Denial of Service...

5.5CVSS5.7AI score0.00161EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added last week5 views

gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5CVSS6.1AI score0.01263EPSS
Exploits0References4
NVD
NVD
added last week9 views

CVE-2026-13351

Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragmented IPv6 packets. When such a packet is handled by the fragment-header processing path, the associated RX network packet buffer allocated from a memory...

7.5CVSS0.00263EPSS
Exploits0References1
CVE
CVE
added last week21 views

CVE-2026-53175

The CVE-2026-53175 entries describe a use-after-free in the Linux kernel’s fragment reassembly during netns teardown. Root cause: fqdir_pre_exit() flushes fragment queues but may leave freed skbs referenced by fragment queue state (fragments_tail/last_run_head) before INET_FRAG_COMPLETE is set, a...

9.8CVSS5.8AI score0.00327EPSS
Exploits0References8
Cvelist
Cvelist
added last week27 views

CVE-2026-53175 inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush

In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by the fqdirpreexit flush On netns teardown, fqdirpreexit walks the fqdir rhashtable and flushes every fragment queue that is not yet complete using inetfragqueueflush. That helper frees all...

9.8CVSS0.00327EPSS
Exploits0References5
Debian CVE
Debian CVE
added last week4 views

CVE-2026-53175

In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by the fqdirpreexit flush On netns teardown, fqdirpreexit walks the fqdir rhashtable and flushes every fragment queue that is not yet complete using inetfragqueueflush. That helper frees all...

9.8CVSS5.7AI score0.00327EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/24 8:44 p.m.8 views

CVE-2026-52914

A flaw was found in the Linux kernel's batman-adv component. This vulnerability allows a local attacker to cause a denial of service DoS by sending malformed fragment chains. The flaw is due to incorrect accounting of fragment reassembly length, which can be truncated during updates, bypassing...

9.8CVSS5.8AI score0.00519EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/24 7:14 a.m.4 views

CVE-2026-52916

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled,...

5.6AI score0.00177EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/23 1:26 p.m.6 views

CVE-2026-48779

A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that...

7.5CVSS5.7AI score0.00782EPSS
Exploits1References8
Ubuntu
Ubuntu
added 2026/06/22 11:17 p.m.7 views

USN-8462-1: Linux kernel (Oracle) vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...

9.8CVSS7.1AI score0.96775EPSS
Exploits281
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: rxrpc: DATA/RESPONSE packets are also unshared when paged fragments are present. The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb into a linear sequence before calling...

7.8CVSS6.9AI score0.92766EPSS
Exploits20References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

Transmitted requests in Xen’s virtual network protocol can consist of multiple parts. Although none of them are actually useful, except for the initial part, any of these parts can be of zero length, meaning they carry no data at all. Apart from the certain initial portion of the data to be...

7.5CVSS6.7AI score0.01177EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fixed a use-after-free in r535gsprpcpush. The RPC container is released after being passed to r535gsprpcsend. When sending the initial fragment of a large RPC and passing the caller’s RPC container, the container wil...

7.8CVSS5.6AI score0.00145EPSS
Exploits0References2
Rows per page
Query Builder