2169 matches found
CVE-2026-60109
Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRBERROR message with error-code 25 KDCERRPREAUTHREQUIRED containing a PA-DATA element with padata-type 2, 3,...
CVE-2026-15173
A flaw was found in Wireshark. A remote attacker could exploit a vulnerability in the pcapng file parser, leading to a crash of the application. This denial of service DoS could prevent legitimate users from accessing the service, impacting its availability. Mitigation To mitigate this issue, use...
CVE-2026-58207
CVE-2026-58207 affects NATS Server. A client sending account-scoped Connz pagination requests could cause an integer overflow in the pagination logic, crashing the server before the response window is bounded. Affected versions are before 2.14.3 and before 2.12.12; fixed releases are 2.14.3 and 2...
httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash
A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...
PT-2026-55999
Name of the Vulnerable Software and Affected Versions vLLM versions 0.12.0 through 0.23.x Description A flaw in the EngineCore of the library occurs when a remote authorized user sends a pure prompt embeds payload to the '/v1/completions' endpoint using a model that implements M-RoPE Multimodal...
OpenVPN 2.6.x < 2.6.20 / 2.7.x < 2.7.2 TLS Race Condition
According to its self-reported version number, the version of OpenVPN installed on the remote host is affected by a vulnerability: - A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a...
SUSE SLES16: apache2 / apache2-devel / apache2-event / apache2-manual / etc (SUSE-SU-2026:22209-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22209-1 advisory. This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957...
DEBIAN-CVE-2026-56770
libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds,...
CVE-2026-56770
libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds,...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A null pointer dereference flaw was discovered in the Linux kernel’s DECnet networking protocol. This issue could allow a remote user to crash the system...
kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets
A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...
Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash
...
Linux Distros Unpatched Vulnerability : CVE-2026-52719
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the...
CVE-2026-54412
CVE-2026-54412 affects LiamBindle MQTT-C up to v1.1.6. The vulnerability is a heap-based out-of-bounds read and integer underflow in mqtt_unpack_publish_response() (src/mqtt.c). A broker-controlled or injected PUBLISH packet can allow a remote unauthenticated attacker to crash a subscribed MQTT-C...
SUSE SLES15 Security Update : glibc (SUSE-SU-2026:2333-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2333-1 advisory. This update for glibc fixes the following issues - CVE-2026-4046: assertion failure when converting inputs may be used to remotely...
SUSE CVE-2026-49759
Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...
EulerOS Virtualization 2.13.0 : avahi (EulerOS-SA-2026-2394)
According to the versions of the avahi packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc...
CVE-2026-46543
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls getepochchunks which iterates...
EUVD-2026-36136
TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version...
CVE-2026-42542 TDengine has an integer underflow in uvConnMayGetUserInfo() allows unauthenticated remote crash (DoS)
TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version...