Lucene search
K

89 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53208

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2capcore.c:l2capsigchannel accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU MTUsig...

5.8AI score0.00122EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2026/06/24 7:14 a.m.33 views

CVE-2026-52934 batman-adv: tvlv: reject oversized TVLV packets

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...

8.8CVSS0.00247EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/06/24 7:14 a.m.5 views

CVE-2026-52934

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...

8.8CVSS5.6AI score0.00247EPSS
Exploits0
CVE
CVE
added 2026/06/24 7:14 a.m.32 views

CVE-2026-52934

The CVE-2026-52934 entry involves the Linux kernel’s batman-adv TVLV handling. The root cause is batadv_tvlv_container_list_size() using a 16-bit accumulator, which can wrap when the total size exceeds U16_MAX, causing an undersized allocation in batadv_tvlv_container_ogm_append() and a subsequen...

8.8CVSS5.7AI score0.00247EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-52934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this...

8.8CVSS6AI score0.00247EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 7:3 p.m.4 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the ssh2transportread function in transport.c when processing SSH packets with excessively large packetlength values. An attacker can corrupt heap memory and potentially execute arbitrary code by sending...

9.2CVSS7.7AI score0.00732EPSS
Exploits11References2
NVD
NVD
added 2026/06/10 10:17 p.m.11 views

CVE-2026-46702

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

7.5CVSS0.00268EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 8:19 p.m.33 views

CVE-2026-46702 Russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

7.5CVSS0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 8:19 p.m.25 views

CVE-2026-46702

Russh contains a post-decompression packet size bound vulnerability: when SSH compression is enabled, compressed payloads could inflate to oversized decompressed data, bypassing on-wire packet checks. This allowed remote DoS by sending small compressed packets that decompress beyond limits. Affec...

7.5CVSS5.5AI score0.00268EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/29 7:37 p.m.16 views

russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Summary When SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In...

7.5CVSS6.1AI score0.00268EPSS
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed the response length checking for UD request packets. According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be considered invalid, and it shall be silently...

5.5CVSS4.9AI score0.00268EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fixed the Rx DMA data size and skboverpanic issue. The function managetrxbufcfg aligns the DMA data size of the RX buffer to be a multiple of 64. As a result, a packet slightly larger than mtu+14, for example, 1536...

5.5CVSS6.3AI score0.0021EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net:bcmgenet: A check for oversized packets has been added. Occasionally, we may receive oversized packets from the hardware that exceed the maximum buffer size of 2 KiB allocated for SKBs. A preliminary check is performed to...

5.5CVSS6.2AI score0.00145EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/07 2:19 a.m.14 views

SUSE CVE-2026-43080

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/05/06 2:43 p.m.9 views

CVE-2026-43080

A flaw was found in the Linux kernel's L2TP Layer 2 Tunneling Protocol subsystem. This vulnerability allows a remote attacker to send an oversized PPPoL2TP packet with UDP encapsulation. Due to an overflow in the 16-bit UDP length field, the packet's length is incorrectly truncated, which can lea...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/06 12:30 p.m.6 views

EUVD-2026-27571

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

5.8AI score0.00123EPSS
Exploits0References6
NVD
NVD
added 2026/05/06 10:16 a.m.11 views

CVE-2026-43080

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

5.5CVSS0.00123EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/06 7:40 a.m.34 views

CVE-2026-43080 l2tp: Drop large packets with UDP encap

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

0.00123EPSS
Exploits0References8
CVE
CVE
added 2026/05/06 7:40 a.m.25 views

CVE-2026-43080

Summary of CVE-2026-43080 (Linux kernel) : The issue resides in the L2TP/PPP over L2TP code path where an oversized PPPoL2TP packet sent with UDP encapsulation can trigger an overflow of the 16‑bit UDP length field, causing the length to be trimmed and potentially sending malformed packets. The p...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/05/06 7:40 a.m.3 views

CVE-2026-43080 l2tp: Drop large packets with UDP encap

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References11
Rows per page
Query Builder