Lucene search
K

97 matches found

EUVD
EUVD
added yesterday7 views

EUVD-2026-43233

OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process,...

8.8CVSS6.3AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 9:0 a.m.6 views

kernel: dlm: validate length in dlm_search_rsb_tree

A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...

9.8CVSS6.4AI score0.00426EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 12:20 a.m.8 views

kernel: dlm: validate length in dlm_search_rsb_tree

A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...

9.8CVSS6.4AI score0.00426EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: dlm: Length validation in dlmsearchrsbtree was added. The len parameter in dlmdumprsbname is not validated and comes from network messages. When this parameter exceeds DLMRESNAMEMAXLEN, it may cause an out-of-bounds write in...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/10 10:0 p.m.16 views

kernel: dlm: validate length in dlm_search_rsb_tree

A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...

9.8CVSS6.2AI score0.00426EPSS
Exploits0References5
CVE
CVE
added 2026/06/10 12:38 p.m.27 views

CVE-2026-49498

Ghidra 11.0 before 12.1 is affected by a SQL injection in PostgresFunctionDatabase.changePassword(), which fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can craft username parameters in PasswordChange network messages to inject SQL com...

8.8CVSS5.7AI score0.00259EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 9:6 p.m.6 views

CVE-2022-4992 Dräger Infinity M540 VG4.1.1 Spoofed Network Message Handling DoS/Tampering

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower with VG4.2 partially affected contain a network message handling vulnerability that allows remote attackers to inject spoofed or tampered data and cause denial-of-service condition...

8.8CVSS5.8AI score0.0016EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/02 2:0 p.m.38 views

CVE-2019-25719 Dräger Infinity M540 VG4.1.1 Spoofing and DoS via Network Message Handling

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service conditions. Attacke...

8.8CVSS0.00132EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 p.m.11 views

EUVD-2026-29750

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may...

7.5CVSS5.8AI score0.00329EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 p.m.12 views

EUVD-2026-29751

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may...

7.5CVSS5.8AI score0.00329EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 8:16 p.m.10 views

CVE-2026-23824

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may...

7.5CVSS0.00329EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 8:16 p.m.12 views

CVE-2026-23825

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may...

7.5CVSS0.00329EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 6:52 p.m.11 views

CVE-2026-23825 Unauthenticated Denial-of-Service via Crafted Messages in a Network Protocol Handling Component

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may...

7.5CVSS5.8AI score0.00329EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40352

Name of the Vulnerable Software and Affected Versions AOS-8 affected versions not specified AOS-10 affected versions not specified Description Issues in a protocol-handling component allow an unauthenticated attacker to cause a denial-of-service condition by sending specially crafted network...

7.5CVSS5.8AI score0.00329EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/09 2:42 a.m.9 views

SUSE CVE-2026-43125

In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlmsearchrsbtree The len parameter in dlmdumprsbname is not validated and comes from network messages. When it exceeds DLMRESNAMEMAXLEN, it can cause out-of-bounds write in dlmsearchrsbtree. Add length...

5.5CVSS6.1AI score0.00426EPSS
Exploits0References5
NVD
NVD
added 2026/05/06 12:16 p.m.7 views

CVE-2026-43125

In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlmsearchrsbtree The len parameter in dlmdumprsbname is not validated and comes from network messages. When it exceeds DLMRESNAMEMAXLEN, it can cause out-of-bounds write in dlmsearchrsbtree. Add length...

9.8CVSS0.00426EPSS
Exploits0References17
ATTACKERKB
ATTACKERKB
added 2026/05/06 11:27 a.m.11 views

CVE-2026-43125

In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlmsearchrsbtree The len parameter in dlmdumprsbname is not validated and comes from network messages. When it exceeds DLMRESNAMEMAXLEN, it can cause out-of-bounds write in dlmsearchrsbtree. Add length...

6.1AI score0.00426EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.15 views

PT-2026-37465

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Distributed Lock Manager DLM where the len parameter in the dlm dump rsb name function is not validated. Because this parameter is derived from network messages,...

9.8CVSS6AI score0.00675EPSS
Exploits0References253
EUVD
EUVD
added 2026/04/30 12:0 a.m.4 views

EUVD-2025-209599

Assertion failure vulnerability in the PCO Protocol Configuration Options parser in the SMF Session Management Function component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol...

5.4AI score0.00332EPSS
Exploits0References2
CVE
CVE
added 2026/02/20 3:35 p.m.14 views

CVE-2026-22885

CVE-2026-22885 affects EnOcean SmartServer IoT prior to version 4.60.009. The vulnerability lies in LON IP-852 management messages, where remote attackers can send specially crafted IP-852 messages that trigger a memory leak in the running process. Public documentation across NVD/Red Hat/CVE reco...

3.7CVSS5.6AI score0.00368EPSS
Exploits0References4
Rows per page
Query Builder