Lucene search
K

485 matches found

Cvelist
Cvelist
added 2026/05/06 7:40 a.m.34 views

CVE-2026-43080 l2tp: Drop large packets with UDP encap

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

0.00123EPSS
Exploits0References8
CVE
CVE
added 2026/05/06 7:40 a.m.28 views

CVE-2026-43080

Summary of CVE-2026-43080 (Linux kernel) : The issue resides in the L2TP/PPP over L2TP code path where an oversized PPPoL2TP packet sent with UDP encapsulation can trigger an overflow of the 16‑bit UDP length field, causing the length to be trimmed and potentially sending malformed packets. The p...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/05/06 7:40 a.m.7 views

CVE-2026-43080

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from l2tp’s failure to check for UDP length field overflows during UDP encapsulation. This could lead to the...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-43080

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists i...

5.5CVSS6AI score0.00123EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-37390

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An overflow occurs in the 16-bit UDP length field when processing oversized PPPoL2TP packets with UDP encapsulation. The l2tp xmit core function fails to check for overflows during the...

9.8CVSS5.4AI score0.0053EPSS
Exploits1References380
CVE
CVE
added 2026/05/03 6:15 a.m.28 views

CVE-2026-7682

Edimax BR-6208AC (firmware 1.02) contains a vulnerability in the L2TP Mode setWAN function (/goform/setWAN). The L2TPUserName parameter can be manipulated to induce command injection. The issue is exploitable remotely and has publicly disclosed PoC/exploit code. Vendor did not respond to disclosu...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.11 views

Edimax BR-6208AC 注入漏洞

The Edimax BR-6208AC is a wireless router produced by Edimax of Taiwan, China. Version 1.02 of the Edimax BR-6208AC has a vulnerability related to injection attacks. This vulnerability stems from the setWAN function in the L2TP Mode component, which processes the L2TPUserName parameter. This coul...

6.5CVSS6.6AI score0.01158EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/22 1:54 p.m.31 views

CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-init and zero pdulen infinite loop l2capconfigreq processes CONFIGREQ for channels in BTCONNECTED state to support L2CAP reconfiguration e.g. MTU changes. However, since both CONFINPUTDONE and...

0.00123EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from insufficient validation of ERTM re-initialization and zero pdulen in L2CAP. This vulnerability ma...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.4 views

CVE-2026-33780

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon l2ald of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service DoS. In an EVPN-MPLS...

7.1CVSS5.9AI score0.00173EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/10 12:30 a.m.6 views

EUVD-2026-21090

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon l2ald of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service DoS. In an EVPN-MPLS...

7.1CVSS6AI score0.00173EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:35 p.m.3 views

CVE-2026-33781

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service DoS. On EX4k, and QFX5k platforms configur...

7.1CVSS6AI score0.00165EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/09 9:35 p.m.22 views

CVE-2026-33781

Junos OS on EX Series and QFX Series is affected by CVE-2026-33781. In VXLAN scenarios, when L2PT is enabled on the UNI and VSTP on the NNI, receiving VSTP BPDUs on UNI can trigger a memory leak in the packet forwarding engine (pfe) and packet buffer allocation failures, causing the device to sto...

7.1CVSS6AI score0.00165EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/09 9:29 p.m.20 views

CVE-2026-33780 Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon l2ald of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service DoS. In an EVPN-MPLS...

7.1CVSS0.00173EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:29 p.m.2 views

CVE-2026-33780

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon l2ald of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service DoS. In an EVPN-MPLS...

7.1CVSS6AI score0.00173EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.16 views

PT-2026-31801

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service DoS. On EX4k, and QFX5k platforms configur...

7.1CVSS6AI score0.00165EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/07 4:52 p.m.23 views

CVE-2026-39312 Pre-Auth EAP-TLS DoS on SoftEther VPN Developer Edition

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 and likely earlier versions of Developer Edition. An unauthenticated remote attacker can cra...

7.5CVSS0.0045EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/07 4:52 p.m.5 views

CVE-2026-39312 Pre-Auth EAP-TLS DoS on SoftEther VPN Developer Edition

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 and likely earlier versions of Developer Edition. An unauthenticated remote attacker can cra...

7.5CVSS6AI score0.0045EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 4:52 p.m.3 views

CVE-2026-39312

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 and likely earlier versions of Developer Edition. An unauthenticated remote attacker can cra...

7.5CVSS6AI score0.0045EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder