Lucene search
K

226 matches found

CVE
CVE
added yesterday6 views

CVE-2026-9140

CVE-2026-9140 describes a denial-of-service in 1719-AENTR devices caused by improper handling of a UDP unicast network storm, leading to device overload and loss of communication. Recovery requires a power cycle. The CVSS 4.0 score is 8.7 (HIGH); attack vector is NETWORK with no privileges or use...

8.7CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2026/06/28 5:16 a.m.10 views

CVE-2026-10593

The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...

6.5CVSS0.00185EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/28 4:28 a.m.6 views

CVE-2026-10593 Remotely triggerable NULL-pointer dereference in Bluetooth LE Audio BAP unicast client QoS-state handling

The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...

6.5CVSS6.1AI score0.00185EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/28 4:28 a.m.11 views

CVE-2026-10593

The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...

6.5CVSS5.8AI score0.00185EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/28 4:28 a.m.23 views

CVE-2026-10593

The CVE affects Zephyr’s Bluetooth LE Audio BAP unicast client. In unicast_client_ep_qos_state(), the handler writes attacker-controlled QoS fields via stream-qos with only a stream != NULL guard. stream-qos is NULL for streams codec-configured but not yet added to a unicast group, creating a win...

6.5CVSS6.1AI score0.00185EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/28 4:28 a.m.44 views

CVE-2026-10593 Remotely triggerable NULL-pointer dereference in Bluetooth LE Audio BAP unicast client QoS-state handling

The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...

6.5CVSS0.00185EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.17 views

PT-2026-53091

Name of the Vulnerable Software and Affected Versions Zephyr versions prior to 4.3.0 Zephyr version 4.3.0 Zephyr version 4.4.0 Description The Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles state notifications supplied by a peer. In the unicast client ep qos state function...

6.5CVSS6.1AI score0.00185EPSS
Exploits1References8
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:8 a.m.6 views

batman-adv: frag: disallow unicast fragment in fragment

...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/24 3:37 p.m.5 views

CVE-2026-52916

A flaw was found in the Linux kernel's batman-adv module. A remote attacker can exploit this vulnerability by sending specially crafted BATADVUNICASTFRAG packets, which are designed to contain other fragmented packets. This 'fragments in fragments' scenario causes the kernel to recursively proces...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 8:16 a.m.9 views

CVE-2026-52916

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled,...

5.5CVSS0.00123EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 8:16 a.m.3 views

UBUNTU-CVE-2026-52916

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled,...

5.5CVSS5.6AI score0.00123EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/24 7:14 a.m.10 views

EUVD-2026-38719

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled,...

5.7AI score0.00123EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 7:14 a.m.23 views

CVE-2026-52916

CVE-2026-52916 affects the Linux kernel’s BATMAN-adv frag handling. A crafted BATADV_UNICAST_FRAG packet can defragment into another BATADV_UNICAST_FRAG, causing unbounded recursion in batadv_batman_skb_recv() and leading to kernel stack exhaustion. The published description specifies that refrag...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/06/24 7:14 a.m.2 views

CVE-2026-52916 batman-adv: frag: disallow unicast fragment in fragment

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled,...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2026/06/24 7:14 a.m.7 views

CVE-2026-52916

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled,...

5.5CVSS5.6AI score0.00123EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51709

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv frag skb buffer function is called by batadv batman skb recv upon receiving a BATADV UNICAST FRAG packet. After reassembling the...

6AI score0.00123EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-52916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once a...

5.5CVSS6AI score0.00123EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in avahi

In Avahi, including versions 0.6.32 and 0.7, avahi-daemon inadvertently responds to IPv6 unicast queries with source addresses that are not on-link. This allows remote attackers to cause a denial of service traffic amplification and may lead to information leakage by extracting potentially...

9.1CVSS6.9AI score0.03082EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.8 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021635)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021635 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix steering rules cleanup vport's mc, uc and multicast rules are not deleted in teardo...

5.5CVSS6.3AI score0.00183EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:8 p.m.6 views

CVE-2026-43481

In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsgreply genlmsgreply hands the reply skb to netlink, and netlinkunicast consumes it on all return paths, whether the skb is queued successfully or freed on an error path...

5.8AI score0.00119EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder