Lucene search
K

67 matches found

Cvelist
Cvelist
added 2026/06/25 8:38 a.m.30 views

CVE-2026-53176 IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN

In the Linux kernel, the following vulnerability has been resolved: IB/isert: Reject login PDUs shorter than ISERHEADERSLEN In drivers/infiniband/ulp/isert/ibisert.c, isertloginrecvdone computes the login request payload length as wc-bytelen minus ISERHEADERSLEN with no lower bound, and loginreql...

9.8CVSS0.00742EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52272

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the iSER iSCSI Extensions for RDMA driver where the isert login recv done function in drivers/infiniband/ulp/isert/ib isert.c fails to validate the lower bound of the...

9.8CVSS5.8AI score0.00742EPSS
Exploits0References26
CVE
CVE
added 2026/06/24 4:29 p.m.20 views

CVE-2026-52989

CVE-2026-52989 affects the Linux kernel nvmet-tcp component. The root cause is that nvmet_tcp_build_pdu_iovec() detects out-of-bounds PDU length/offset but does not propagate the error to callers; it returns void and triggers nvmet_tcp_fatal_error(cmd->queue) without alerting the caller, leavi...

9.8CVSS5.7AI score0.00342EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51883

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the nvmet-tcp component occurs because the nvmet tcp build pdu iovec function does not propagate errors to its callers when detecting out-of-bounds PDU Protocol Data Unit lengt...

9.8CVSS6AI score0.00342EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.9 views

CVE-2026-7183

A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rlspdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be...

6.9CVSS5.4AI score0.00405EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 6:31 p.m.11 views

EUVD-2026-33696

FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element IE counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected number of IEs e.g., an E2setupRequest with extra optional fields to crash the near-RT RIC port 36421 or...

7.5CVSS5.9AI score0.00428EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in ofono

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

7.8CVSS7.5AI score0.00291EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.18 views

PT-2026-39565

A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsm build pdu session establishment accept of the file /src/smf/gsm-build.c of the component SMF. The manipulation results in denial of service. The attack can be launched remotely. The exploit is now public and may be...

5.3CVSS5.5AI score0.00461EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.35 views

CVE-2025-46115

An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request...

0.00313EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.4 views

CVE-2025-46115

An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request...

5.3AI score0.00313EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

Open5GS 输入验证错误漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Version 2.7.3 of Open5GS contains a vulnerability related to input validation errors. This vulnerability stems from specially crafted PDU session modification requests,...

7.5CVSS5.8AI score0.00313EPSS
Exploits0References1
NVD
NVD
added 2026/04/27 11:16 p.m.4 views

CVE-2026-7183

A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rlspdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be...

6.9CVSS0.00405EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2026/04/23 8:9 a.m.6 views

Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop

...

5.5CVSS5.2AI score0.00123EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/22 7:35 p.m.5 views

CVE-2026-31498

A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol implementation. A remote attacker could exploit this by sending a malformed configuration request with a zero-valued maximum PDU Protocol Data Unit size. This could lead to an infinite loop,...

6.1CVSS5.4AI score0.00123EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from l2capecreddatarcv not verifying the PDU length before reading the SDU length, potentially leading...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/23 11:46 p.m.2 views

CVE-2026-33281 Ella Core panics on invalid PDU Session IDs in NGAP messages

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...

6.5CVSS5.8AI score0.00393EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/02/28 9:4 a.m.9 views

nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

...

7.5CVSS7.2AI score0.0071EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/02/27 12:25 a.m.8 views

SUSE CVE-2026-25941

FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client's RDPGFX channel that allows a malicious RDP server to read uninitialized heap memory...

4.3CVSS5.9AI score0.00284EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/02/16 12:13 p.m.7 views

kernel: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmettcpbuildpduiovec Commit efa56305908b "nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length" added ttag bounds checking and dataoffset validation in...

7.5CVSS5.7AI score0.0071EPSS
Exploits0References5
CVE
CVE
added 2026/02/13 1:29 p.m.60 views

CVE-2026-23112

CVE-2026-23112 affects the Linux kernel nvmet-tcp implementation. The issue in nvmet_tcp_build_pdu_iovec allows walking past cmd->req.sg when a PDU length/offset exceeds sg_cnt, causing bogus sg->length/offset usage and leading to _copy_to_iter() GPF/KASAN. The fix adds guards for sg_idx, r...

9.8CVSS5.2AI score0.00399EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder