Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: Use a static NDP16 location within the URB. The original code allowed the start of NDP16 to be anywhere within the URB, based on the wNdpIndex value in NTH16. Only the start position of NDP16 was checked, which ma...

Astra Linux - уязвимость в net-snmp

Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX in NET-SNMP-VACM-MIB could lead to an out-of-bounds memory access. A user with read-only credentials could exploit this issue. Version 5.9.2...

Astra Linux - уязвимость в net-snmp

The handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP versions 5.8 through 5.9.3 has a NULL Pointer Exception bug. This bug can be exploited by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in a Denial of Service attack...

Astra Linux - уязвимость в net-snmp

The handleipv6IpForwarding function in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP version 5.4.3 to 5.9.3 has a NULL Pointer Exception bug. This bug can be exploited by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in a Denial of Service attack...

EUVD-2026-30793

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

CVE-2026-8836

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

lwip-2026-pocs

lwip-2026-pocs Proof-of-concept exploits from the xchglabs...

CVE-2026-23827

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged use...

CVE-2026-42924

An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-42924

CVE-2026-42924 affects BIG-IP with iControl SOAP. An authenticated user with Resource Administrator or Administrator rights can create SNMP configuration objects via iControl SOAP, leading to privilege escalation (control-plane issue; data plane unaffected). CVSS v3.1: 8.7 (NETWORK, HIGH). CVSS v...

CVE-2026-40698 iControl REST and TMSH vulnerability

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell tmsh resulting in privilege escalation. Note: Software versions which...

F5 BIG-IP和F5 BIG-IQ 命令注入漏洞

F5 BIG-IP and F5 BIG-IQ are both products from the American company F5. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ is a software-based cloud management solution. This...

EUVD-2026-29753

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged use...

CVE-2026-23826

A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitati...

CVE-2026-23827

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged use...

CVE-2026-23827 Unauthenticated Remote Code Execution via Heap Buffer Overflow in Network Management Service

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged use...

CVE-2026-23827 Unauthenticated Remote Code Execution via Heap Buffer Overflow in Network Management Service

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged use...

CVE-2026-23827

CVE-2026-23827 involves a heap-based buffer overflow in the Network management service of AOS-8 and AOS-10. The issue allows an unauthenticated remote attacker to achieve remote code execution with privileges on the underlying OS, potentially leading to a full system compromise. Exploitation may ...

CVE-2026-23826

CVE-2026-23826 affects the AOS-8 Operating System’s network management service. An unauthenticated remote attacker can send specially crafted network packets to the affected device, potentially causing a denial-of-service by terminating the service process and disrupting normal device operations....

CVE-2026-23826 Unauthenticated Denial of Service in AOS-8 Network Management Service

A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitati...