Lucene search
+L

482 matches found

Cvelist
Cvelist
added 2026/06/29 11:45 a.m.36 views

CVE-2026-13564 Edimax EW-7478APC POST Request formPPPoESetup stack-based overflow

A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in stack-based buffer overflow. The attack can be initiated remotely...

9CVSS0.00751EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:15 a.m.3 views

ppp: require CAP_NET_ADMIN in target netns for unattached ioctls

...

9.8CVSS6.1AI score0.00182EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:12 a.m.3 views

pppoe: drop PFC frames

...

7.5CVSS6.1AI score0.00508EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/26 2:13 a.m.5 views

SUSE CVE-2026-53003

In the Linux kernel, the following vulnerability has been resolved: pppoe: drop PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the current PPPoE driver assumes an...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 6:2 p.m.9 views

CVE-2026-53075

A flaw was found in the Linux kernel's Point-to-Point Protocol PPP subsystem. A local unprivileged user can exploit this vulnerability by creating a new user namespace and bypassing authorization checks for unattached administrative input/output controls ioctls. This allows the user to perform...

8.8CVSS5.8AI score0.00182EPSS
Exploits1References4
OSV
OSV
added 2026/06/24 4:30 p.m.3 views

CVE-2026-53075 ppp: require CAP_NET_ADMIN in target netns for unattached ioctls

In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...

8.8CVSS5.8AI score0.00182EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51897

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the PPPoE driver where the generic PPP layer function ppp input accepts Protocol Field Compression PFC frames, despite PFC not being recommended for PPPoE. If an...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-51969

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Point-to-Point Protocol PPP implementation where /dev/ppp open is authorized against file-f cred-user ns, while unattached administrative ioctls operate on...

8.8CVSS5.8AI score0.00182EPSS
Exploits1References153
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.36 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM A

Question Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin CVE-2016-2106, CVE-2016-2109, CVE-2016-2176 "Business...

8.2CVSS7.2AI score0.2921EPSS
Exploits1Affected Software1
Cvelist
Cvelist
added 2026/06/16 9:3 p.m.43 views

CVE-2026-11409 OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

8.5CVSS0.02787EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.11 views

SUSE CVE-2026-46306

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

5.5CVSS5.4AI score0.00389EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/08 6:39 p.m.13 views

CVE-2026-46306

A flaw was found in the Linux kernel's flow dissector. This vulnerability allows a remote attacker to cause a Denial of Service DoS by sending a specially crafted Point-to-Point Protocol over Ethernet PPPoE Protocol Field Compression PFC frame to an affected system. The incorrect processing of...

7.5CVSS5.6AI score0.00389EPSS
Exploits0References4
NVD
NVD
added 2026/06/08 5:16 p.m.19 views

CVE-2026-46306

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

7.5CVSS0.00389EPSS
Exploits0References8
OSV
OSV
added 2026/06/08 5:16 p.m.17 views

UBUNTU-CVE-2026-46306

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

7.5CVSS5.3AI score0.00389EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/05/27 12:34 p.m.15 views

CVE-2026-45842

A flaw was found in the Linux kernel's SLIP Serial Line Internet Protocol and PPP Point-to-Point Protocol components. An unprivileged local user can exploit this vulnerability by manipulating the PPPIOCSMAXCID ioctl to configure the SLIP Compressed Header SLHC state incorrectly. This...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4
OSV
OSV
added 2026/05/27 11:16 a.m.6 views

UBUNTU-CVE-2026-45842

In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...

6.8CVSS5.8AI score0.00114EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:24 a.m.8 views

CVE-2026-45842

In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...

5.8AI score0.00114EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/05/27 9:24 a.m.39 views

CVE-2026-45842

CVE-2026-45842 concerns the Linux kernel slip module. When rslots are configured to 0 (no receive compression), the code may allocate a NULL rstate and set rslot_limit to 0. The receive path does not guard against this, causing slhc_uncompress() to dereference comp->rstate[x] if the VJ header ...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References8Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: ppp: Associating skb with a device at tx. Syzkaller triggered a flow dissector warning with the following code: c r0 = openat$ppp0xffffffffffffff9c, &0x7f0000000000, 0xc0802, 0x0 ioctl$PPPIOCNEWUNITr0, 0xc004743e,...

6AI score0.00183EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable – incorrect pppoe tuple PPPoE traffic that reaches the ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in th...

5.5CVSS5.7AI score0.00228EPSS
Exploits0References2
Rows per page
Query Builder