14785 matches found
CVE-2026-4436 GPL Odorizers GPL750 Missing Authentication for Critical Function
A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line...
CVE-2026-4436
A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line...
CVE-2025-13926 Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision
An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T...
PT-2026-31742
A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in the advanced forwarding toolkit evo-aftmand/evo-pfemand of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service DoS.An...
Contemporary Controls BASControl20 安全漏洞
Contemporary Controls BASControl20 is a building automation control and BACnet communication controller developed by the American company Contemporary Controls. The Contemporary Controls BASC 20T has a security vulnerability that stems from network traffic sniffing, which may allow for the...
UBUNTU-CVE-2026-39863
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted data packet sent over TCP. The...
CVE-2026-39864 Kamailio Auth: Processing Vulnerability For Additional Authenticated User Identity Checks
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted SIP packet if a successful user...
CVE-2026-39863 Kamailio Core: TCP Data Processing Vulnerability
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted data packet sent over TCP. The...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006797)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006797 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix null pointer deref when receiving skb during sock creation The panic below is...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006738)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006738 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvti: fix potential slab-use-after-free in decodesession6 When ipvti device is set to the qdisc ...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006707)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006707 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctprcv A cloned head skb still shares these frag skbs in...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006774)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006774 advisory. In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhostworker will call tun call...
EUVD-2026-19972
netavark has incorrect error handling for malformed tcp packets...
netavark has incorrect error handling for malformed tcp packets
Impact A truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. Patches https://github.com/containers/aardvark-dns/commit/3b49ea7b38bdea134b7f03256f2e13f44ce73bb1 Workarounds None Credits Thanks to @dkane01 for reporti...
GHSA-HFPQ-X728-986J netavark has incorrect error handling for malformed tcp packets
Impact A truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. Patches https://github.com/containers/aardvark-dns/commit/3b49ea7b38bdea134b7f03256f2e13f44ce73bb1 Workarounds None Credits Thanks to @dkane01 for reporti...
freerdp: FreeRDP has a Heap-use-after-free in play_thread
A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...
PT-2026-30705
Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400 Description An incorrect handling of LTE...
CVE-2025-58349
The CVE-2025-58349 entry concerns Samsung Exynos-related L2 components (Mobile Processor, Wearable Processor, and Modems) where improper handling of LTE MAC packets containing many MAC Control Elements (CEs) can crash the baseband. Affected products include Exynos 980/990/850/1080/2100/1280/2200/...
SUSE CVE-2026-35549
An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...
CVE-2020-37216 Hirschmann HiOS EtherNet/IP Stack Denial of Service
Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a...