63 matches found
SUSE-SU-2026:22026-1 Security update for frr
This update for frr fixes the following issues: - CVE-2026-5107: Fixed an improper access controls in EVPN Type-2 Route Handler bsc1261013. - CVE-2026-28532: Harden TE/SR TLV iteration against malformed lengths bsc1263859. - CVE-2026-37457: Fix off-by-one error in FlowSpec operator array bounds...
CVE-2026-33780
CVE-2026-33780 concerns a memory leak in Juniper Networks’ l2ald within Junos OS and Junos OS Evolved that is triggered by churn of EVPN-MPLS ESI routes learned from remote multi-homed PE devices. The issue stems from a memory management logic flaw where memory allocated for ESI routes is not rel...
CVE-2026-33780
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon l2ald of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service DoS. In an EVPN-MPLS...
FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control
...
CVE-2026-5107
A flaw was found in frr package. This vulnerability, located in the EVPN Type-2 Route Handler function, allowing a remote attacker to manipulate access controls when successfully exploited. Due to the high complexity of the attack, exploitation is considered difficult. This could potentially lead...
CVE-2026-5107
A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function processtype2route of the file bgpd/bgpevpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to ha...
CVE-2026-5107
FRRouting FRR up to 10.5.1 is affected by CVE-2026-5107 in the EVPN Type-2 Route Handler (bgpd/bgp_evpn.c, process_type2_route). The issue enables improper access controls via manipulation of the EVPN Type-2 Route processing. Access is remote, with a high attack complexity and the exploitability ...
PT-2026-28761
Name of the Vulnerable Software and Affected Versions FRRouting FRR versions up to 10.5.1 Description A security issue exists in FRRouting FRR related to improper access controls within the EVPN Type-2 Route Handler component. The issue is located in the process type2 route function of the bgpd/b...
CVE-2026-20051
A vulnerability with the Ethernet VPN EVPN Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop. This vulnerability is due to a logic error when...
Cisco Nexus 3600 and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service Vulnerability
A vulnerability with the Ethernet VPN EVPN Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop. This vulnerability is due to a logic error when...
PT-2026-21939
Name of the Vulnerable Software and Affected Versions Cisco Nexus 3600 Platform Switches affected versions not specified Cisco Nexus 9500-R Series Switching Platforms affected versions not specified Description A flaw exists in the Ethernet VPN EVPN Layer 2 ingress packet processing of Cisco Nexu...
CVE-2026-21910
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network...
CVE-2026-21910
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network...
CVE-2026-21910 Junos OS: EX4k Series, QFX5k Series: In an EVPN-VXLAN configuration link flaps cause Inter-VNI traffic drop
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network...
CVE-2025-60004
CVE-2025-60004 affects Juniper Networks Junos OS and Junos OS Evolved. An improper check in the routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to trigger a DoS by sending a crafted BGP EVPN update over an established BGP session, causing rpd to crash/restart. No B...
CVE-2025-60004 Junos OS and Junos OS Evolved: Specific BGP EVPN update message causes rpd crash
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service DoS. When an affected system receives a specific BGP EVPN updat...
PT-2025-41439
Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions 23.4R2-S3 through 23.4R2-S5 Juniper Networks Junos OS versions 24.2R2 before 24.2R2-S1 Juniper Networks Junos OS versions 24.4 before 24.4R1-S3 and 24.4R2 Juniper Networks Junos OS Evolved versions...
EUVD-2019-10406
Malware in sbrugna...
EUVD-2019-6907
Malware in sbrugna...
EUVD-2019-6909
Malware in sbrugna...