Lucene search
K

90 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42646

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted second SETUP request. After completing the OPTIONS, DESCRIBE, and a legitimate first SETUP request to obtain a...

7.5CVSS6.4AI score0.00411EPSS
Exploits0References2
CVE
CVE
added 5 days ago7 views

CVE-2026-51602

CVE-2026-51602 describes a stack-based buffer overflow in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91). An unauthenticated remote attacker can cause a denial of service by sending a crafted SETUP request. The root cause is the second-stage URL routing parser failing to validate the le...

7.5CVSS6.4AI score0.00402EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago9 views

CVE-2026-51603

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted second SETUP request. After completing the OPTIONS, DESCRIBE, and a legitimate first SETUP request to obtain a...

7.5CVSS6.4AI score0.00411EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-51602

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP request. The RTSP service's second-stage URL routing parser fails to validate the length of the URL fiel...

7.5CVSS6.4AI score0.00402EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-51603

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted second SETUP request. After completing the OPTIONS, DESCRIBE, and a legitimate first SETUP request to obtain a...

0.00411EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/04 11:13 a.m.4 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the NGSetupRequest process. An attacker can cause the service to become unavailable by sending specially crafted requests remotely. Remediation Upgrade github.com/omec-project/amf/ngap to version...

5.3CVSS5.9AI score0.00317EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/04 11:13 a.m.5 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the NGSetupRequest process. An attacker can cause the service to become unavailable by sending specially crafted requests remotely. Remediation Upgrade github.com/omec-project/amf/util to version...

5.3CVSS5.9AI score0.00317EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/04 11:13 a.m.6 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the NGSetupRequest process. An attacker can cause the service to become unavailable by sending specially crafted requests remotely. Remediation Upgrade github.com/omec-project/amf/gmm to version...

5.3CVSS5.9AI score0.00317EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 8:39 a.m.27 views

CVE-2026-53253

CVE-2026-53253 affects the Linux kernel Bluetooth BNEP stack. The vulnerability arises when a BNEP peer sends a short SDU and the kernel bnep_rx_frame() reads the packet type, then bnep_rx_control() dereferences the control opcode or setup UUID-size byte before ensuring those bytes are present. T...

7.1CVSS5.7AI score0.00274EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.12 views

CVE-2026-37224

FlexRIC v2.0.0 crashes when receiving a duplicate E2SETUPREQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process port 36421 by sending two E2SETUPREQUESTs with t...

7.5CVSS5.5AI score0.00428EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

7.5CVSS5.5AI score0.00347EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 3:16 p.m.19 views

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

7.5CVSS0.00347EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 12:0 a.m.30 views

CVE-2026-37224

Summary: FlexRIC v2.0.0 crashes when it receives two identical E2_SETUP_REQUEST messages from the same or spoofed E2 Nodes. The iApp registry enforces node ID uniqueness via an assert(), not a graceful rejection, leading to a remote unauthenticated crash of the iApp process (port 36421) and a SIG...

7.5CVSS5.8AI score0.00428EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 12:0 a.m.20 views

CVE-2026-37231

FlexRIC v2.0.0 contains a bug where a uint16_t counter used for xapp_id assignment is stored in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps, causing duplicate xapp_ids. The iApp on port 36422 crashes when it attempts to register a duplicate ID within its in...

7.5CVSS5.8AI score0.00488EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.11 views

CVE-2026-37234

FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xappids by sending multiple E42SETUPREQUESTs. On disconnect, only the first registered xappid's resources are cleaned up; subsequent xappids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak...

5.8AI score0.00345EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/01 12:0 a.m.32 views

CVE-2026-37231

FlexRIC v2.0.0 uses a uint16t counter for xappid assignment but stores the value in uint32t message fields. After 65,530+ E42SETUPREQUESTs, the 16-bit counter wraps around and produces duplicate xappids. The iApp port 36422 crashes when attempting to register a duplicate ID in its internal data...

0.00488EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/01 12:0 a.m.38 views

CVE-2026-37234

FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xappids by sending multiple E42SETUPREQUESTs. On disconnect, only the first registered xappid's resources are cleaned up; subsequent xappids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak...

0.00345EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/01 12:0 a.m.13 views

CVE-2026-37224

FlexRIC v2.0.0 crashes when receiving a duplicate E2SETUPREQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process port 36421 by sending two E2SETUPREQUESTs with t...

5.8AI score0.00428EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.14 views

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

5.8AI score0.00347EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.19 views

PT-2026-45430

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2 SETUP REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 364...

5.8AI score0.00347EPSS
Exploits0References3
Rows per page
Query Builder