Lucene search
K

42 matches found

Cvelist
Cvelist
added last week27 views

CVE-2026-52986 netfilter: nf_conntrack_sip: don't use simple_strtoul

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: don't use simplestrtoul Replace unsafe port parsing in epaddrlen, ctsipparseheaderuri, and ctsipparserequest with a new sipparseport helper that validates each digit against the buffer limit, eliminatin...

9.8CVSS0.00559EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.8 views

RHEL 9 : kernel (RHSA-2026:27713)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27713 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netfilter: nfconntrackh323:...

9.8CVSS6.3AI score0.00514EPSS
Exploits9References18
RedHat Linux
RedHat Linux
added 2026/05/28 2:21 a.m.17 views

kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...

9.1CVSS5.8AI score0.00514EPSS
Exploits0References5
Amazon
Amazon
added 2026/05/26 12:0 a.m.19 views

Important: kernel6.18

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE CVE-2026-23401 In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only WARN in direct MMUs when overwriti...

9.8CVSS6.2AI score0.00469EPSS
Exploits3
SUSE CVE
SUSE CVE
added 2026/05/07 2:16 a.m.8 views

SUSE CVE-2026-43233

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodechoice In decodechoice, the boundary check before getlen uses the variable len, which is still 0 from its initialization at the top of the function: unsigned int type, ext, len = ...

5.8AI score0.00463EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/06 11:28 a.m.5 views

CVE-2026-43233

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodechoice In decodechoice, the boundary check before getlen uses the variable len, which is still 0 from its initialization at the top of the function: unsigned int type, ext, len = ...

5.8AI score0.00463EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/05/06 11:28 a.m.18 views

CVE-2026-43233

CVE-2026-43233 affects the Linux kernel nf_conntrack_h323 decoder (decode_choice), where a boundary check incorrectly used an uninitialized length and may read past the bitstream end, enabling a remote heap-buffer-overflow via a crafted Q.931 SETUP message to port 1720. The public disclosures des...

8.2CVSS5.8AI score0.00463EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/04/22 1:54 p.m.30 views

CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackexpect: skip expectations in other netns via proc Skip expectations that do not reside in this netns. Similar to e77e6ff502ea "netfilter: conntrack: do not dump other netns's conntrack entries via proc"...

0.00123EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013138)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013138 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: Avoid nfcthelperhash uses after free If nfconntrackinitstart fails for...

7.8CVSS5.7AI score0.00197EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/13 3:31 p.m.3 views

EUVD-2026-21932

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackexpect: use expect-helper Use expect-helper in ctnetlink and /proc to dump the helper name. Using nfcthelp without holding a reference to the master conntrack is unsafe. Use exp-master-helper in ctnetlink pa...

5.7AI score0.00381EPSS
Exploits0References7
CVE
CVE
added 2026/04/13 1:40 p.m.13 views

CVE-2026-31427

The CVE-2026-31427 issue in Linux kernel netfilter/nf_conntrack_sip was fixed by initializing the rtp_addr before calling nf_nat_sip SDP hooks and tracking via a have_rtp_addr flag. If SDP has no m= lines, or contains only inactive/unrecognized media, the code now avoids calling sdp_session with ...

5.5CVSS5.7AI score0.00115EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/04/13 1:21 p.m.41 views

CVE-2026-31414

CVE-2026-31414 (Linux kernel netfilter nf_conntrack_expect) The vulnerability arises from using nfct_help() without holding a reference to the master conntrack, leading to unsafe references when the helper is dumped via ctnetlink and /proc. The fix switches to using exp->master->helper in t...

9.8CVSS5.7AI score0.00381EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-31414

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nfconntrackexpect: use expect-helper Use expect-helper in ctnetlink and /proc to dump the helper name. Using nfcthelp without holding a reference to...

9.8CVSS5.8AI score0.00381EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/03 11:27 p.m.6 views

SUSE CVE-2026-23456

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodeint CONS case In decodeint, the CONS case calls getbitsbs, 2 to read a length value, then calls getuintbs, len without checking that len bytes remain in the buffer. The existing...

5.3CVSS5.7AI score0.00443EPSS
Exploits0References17
NVD
NVD
added 2026/04/03 4:16 p.m.8 views

CVE-2026-23455

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: check for zero length in DecodeQ931 In DecodeQ931, the UserUserIE code path reads a 16-bit length from the packet, then decrements it by 1 to skip the protocol discriminator byte before passing it to...

9.1CVSS0.00514EPSS
Exploits0References8
NVD
NVD
added 2026/04/03 4:16 p.m.5 views

CVE-2026-23456

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodeint CONS case In decodeint, the CONS case calls getbitsbs, 2 to read a length value, then calls getuintbs, len without checking that len bytes remain in the buffer. The existing...

8.2CVSS0.00443EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/04/03 4:16 p.m.6 views

CVE-2026-23456

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodeint CONS case In decodeint, the CONS case calls getbitsbs, 2 to read a length value, then calls getuintbs, len without checking that len bytes remain in the buffer. The existing...

8.2CVSS5.7AI score0.00443EPSS
Exploits0References8
OSV
OSV
added 2026/04/03 4:16 p.m.4 views

UBUNTU-CVE-2026-23457

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix Content-Length u32 truncation in siphelptcp siphelptcp parses the SIP Content-Length header with simplestrtoul, which returns unsigned long, but stores the result in unsigned int clen. On 64-bit...

8.6CVSS5.7AI score0.00375EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:15 p.m.3 views

CVE-2026-23456

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodeint CONS case In decodeint, the CONS case calls getbitsbs, 2 to read a length value, then calls getuintbs, len without checking that len bytes remain in the buffer. The existing...

5.7AI score0.00443EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:15 p.m.1 views

CVE-2026-23455

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: check for zero length in DecodeQ931 In DecodeQ931, the UserUserIE code path reads a 16-bit length from the packet, then decrements it by 1 to skip the protocol discriminator byte before passing it to...

5.8AI score0.00514EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder