12548 matches found
CVE-2026-7535
A vulnerability was found in Open5GS up to 2.7.7. This affects the function amfnamfcommhandleregistrationstatusupdaterequest in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/ueContextId/transfer-update. Performing a manipulation of the argument ueContextId results in denia...
CVE-2026-7535 Open5GS transfer-update denial of service
A vulnerability was found in Open5GS up to 2.7.7. This affects the function amfnamfcommhandleregistrationstatusupdaterequest in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/ueContextId/transfer-update. Performing a manipulation of the argument ueContextId results in denia...
CVE-2026-7535
Open5GS
CVE-2026-37534
CVE-2026-37534 describes an integer underflow in Open-SAE-J1939 (Open-SAE-J1939_Read_Transport_Protocol_Data_Transfer) triggered by a crafted CAN frame sequence number, allowing an attacker to write to arbitrary memory. Affected component is SAE_J1939_Read_Transport_Protocol_Data_Transfer; root c...
PT-2026-36313
Name of the Vulnerable Software and Affected Versions Apache Neethi versions prior to 3.2.2 Description The PolicyReference API does not impose restrictions on URIs when manually fetching remote policy references. This allows an application that explicitly calls the API to make outbound requests...
Open SAE J1939 输入验证错误漏洞
Open SAE J1939 is a CAN bus communication protocol library for industrial vehicles by Daniel Mårtensson, a private developer. Open SAE J1939 suffers from an input validation error vulnerability that stems from an integer underflow in the transport protocol data transfer processing resulting in an...
Open SAE J1939 资源管理错误漏洞
Open SAE J1939 is an industrial vehicle CAN bus communication protocol library from the individual developer Daniel Mårtensson. Open SAE J1939 suffers from a resource management error vulnerability that stems from an issue in SAEJ1939ReadBinaryDataTransferDM16, which could result in a denial of...
Bandit 安全漏洞
Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit version 0.3.6 through versions prior to 1.11.0, which stems from HTTP/2 frame deserialization that buffers the entire body of a frame before checking the size...
PT-2026-36262
Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A remote denial of service can be triggered by manipulating the ueContextId argument in the '/namf-comm/v1/ue-contexts/ueContextId/transfer-update' endpoint. This issue resides within the amf namf co...
CVE-2026-42467
An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadBinaryDataTransferDM16 causing a denial of service via crafted CAN frame on the J1939 bus...
CVE-2026-37537
collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 2023-03-08 contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At line 23: uint8t index = data0 - 1. When data0 sequence number from CAN frame is 0, index underflows...
EUVD-2026-26690
collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 2023-03-08 contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At line 23: uint8t index = data0 - 1. When data0 sequence number from CAN frame is 0, index underflows...
CVE-2026-42467
An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadBinaryDataTransferDM16 causing a denial of service via crafted CAN frame on the J1939 bus...
CVE-2026-37537
collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 2023-03-08 contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At line 23: uint8t index = data0 - 1. When data0 sequence number from CAN frame is 0, index underflows...
CVE-2026-37537
collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 2023-03-08 contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At line 23: uint8t index = data0 - 1. When data0 sequence number from CAN frame is 0, index underflows...
PT-2026-36516
Name of the Vulnerable Software and Affected Versions Open-SAE-J1939 versions prior to commit b6caf884df46435e539b1ecbf92b6c29b345bdfe Description A denial of service can be triggered via a crafted CAN frame on the J1939 bus within the SAE J1939 Read Binary Data Transfer DM16 function...
PT-2026-36511
Name of the Vulnerable Software and Affected Versions collin80/Open-SAE-J1939 versions prior to commit 744024d4306bc387857dfce439558336806acb06 Description An integer underflow exists in the Transport Protocol Data Transfer handling. When the sequence number from a CAN frame, represented by the...
CVE-2026-37537
CVE-2026-37537 concerns the collin80/Open-SAE-J1939 project. The connected sources describe an integer underflow in the Transport Protocol Data Transfer handling: when the CAN frame sequence number data[0] is 0, the index = data[0] - 1 underflows to 255. A subsequent write to tp_dt->data[255*7...
EUVD-2026-26687
Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadTransportProtocolDataTransfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame...
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation...