CVE-2025-1991

CVE-2025-1991 affects IBM Informix Dynamic Server versions 12.10, 14.10, and 15.0. The vulnerability is a denial of service caused by an integer underflow during packet processing. IBM’s advisory (ID 7238455) lists fixed releases: 12.10.xC16W2 for 12.10 and 14.10.xC11W2 for 14.10; 15.0 is also li...

IBM Informix Dynamic Server 数字错误漏洞

IBM Informix Dynamic Server IDS is a scalable object-relational database server from International Business Machines IBM that provides continuous data availability and disaster recovery, among other features, for clustered data centers. A numeric error vulnerability exists in IBM Informix Dynamic...

CVE-2024-53021

Information disclosure may occur while processing goodbye RTCP packet from network...

kernel: veth: Fix use after free in XDP_REDIRECT

A use-after-free vulnerability has been identified within the vethconvertskbtoxdpbuff function of the Linux kernel's veth driver. The flaw stems from improper memory management during packet headroom expansion for XDP eXpress Data Path. Specifically, when the pskbexpandhead function allocates new...

CVE-2024-29786

In pktprocfilldataaddrwithoutbm of linkrxpktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-48983

An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of which is calculated as the length of the...

CVE-2023-38632

async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets...

CVE-2023-20244

A vulnerability in the internal packet processing of Cisco Firepower Threat Defense FTD Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handli...

CVE-2021-36762

An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd:tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet...

CVE-2021-37206

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 All versions V8.80, SIPROTEC 5 relays with CPU variants CP100 All versions V8.80, SIPROTEC 5 relays with CPU variants CP300 All versions V8.80. Received webpackets are not properly processed. An unauthenticated remot...

CVE-2019-5613

In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated...

CVE-2022-49856

...

CVE-2025-37794

In CVE-2025-37794, the Linux kernel Wi‑Fi stack (mac80211) could purge the vif TX queue too late during ieee80211_do_stop(), allowing SKBs from the vif’s txq to be dequeued and processed after SDATA_STATE_RUNNING is cleared. This could occur due to a concurrent schedule_and_wake_txq path that deq...

CVE-2025-37749 net: ppp: Add bound checking for skb data on ppp_sync_txmung

In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking for skb data on pppsynctxmung Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents potential out-of-bounds accesses when processing short packets. When...

CVE-2025-43970

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes depending on the address family...

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition due to a race condition in the traffic processing mechanism. An attacker can intercept and read packets that should be encrypted. Remediation Upgrade github.com/cilium/cilium/bpf to version 1.15.16, 1.16.9, 1.17.3 or...

CVE-2025-43970

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes depending on the address family...

CVE-2025-0122

A denial-of-service DoS vulnerability in Palo Alto Networks Prisma® SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet processing capabilities of the device by sending a burst of crafted packets to that device...

CVE-2025-0122 Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through Burst of Crafted Packets

A denial-of-service DoS vulnerability in Palo Alto Networks Prisma® SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet processing capabilities of the device by sending a burst of crafted packets to that device...

Palo Alto Networks Prisma SD-WAN ION 安全漏洞

The Palo Alto Networks Prisma SD-WAN ION is a series of next-generation software-defined enterprise branch appliances with integrated 4G or 5G cellular network access from Palo Alto Networks, Inc. in the United States. A security vulnerability exists in the Palo Alto Networks Prisma SD-WAN ION th...