CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

133 matches found

NVD•added 2026/06/08 5:16 p.m.•7 views

CVE-2026-46306

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

7.5CVSS0.00389EPSS

Exploits0References8

RedhatCVE•added 2026/05/27 12:34 p.m.•10 views

CVE-2026-45842

A flaw was found in the Linux kernel's SLIP Serial Line Internet Protocol and PPP Point-to-Point Protocol components. An unprivileged local user can exploit this vulnerability by manipulating the PPPIOCSMAXCID ioctl to configure the SLIP Compressed Header SLHC state incorrectly. This...

5.5CVSS5.8AI score0.00164EPSS

Exploits0References4

CVE•added 2026/05/27 9:24 a.m.•17 views

CVE-2026-45842

The CVE-2026-45842 issue affects the Linux kernel’s SLIP/Slip+PPP path. When rslots == 0 (no receive compression), comp->rstate remains NULL and rslot_limit becomes 0, but the receive helpers do not guard against this. As a result, slhc_uncompress() can dereference comp->rstate[x] and slhc_...

5.8AI score0.00164EPSS

Exploits0References8

Redos•added 2026/04/07 12:0 a.m.•3 views

ROS-20260407-73-0024

A vulnerability in the Linux operating system kernel ppp driver is related to simultaneous execution using a shared resource with improper synchronization. Exploitation of the vulnerability allows an attacker to cause a denial of service...

4.7CVSS6AI score0.00105EPSS

Exploits0

Zero Day Initiative•added 2026/03/30 12:0 a.m.•1 views

(Pwn2Own) QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass firewall rules on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of firewall rules. The issue results from failing to...

6.3CVSS5.5AI score0.00281EPSS

Exploits0References1

OSV•added 2026/01/23 12:24 p.m.•4 views

OESA-2026-1231 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smpexecutetasksg When executing SMP task failed, the smpexecutetasksg calls deltimer to delete "slowtask-timer". However,...

7.8CVSS5.6AI score0.00239EPSS

Exploits0References18

Tenable Nessus•added 2026/01/22 12:0 a.m.•8 views

Azure Linux 3.0 Security Update: ppp (CVE-2020-8597)

The version of ppp installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-8597 advisory. - eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse...

9.8CVSS8.7AI score0.19582EPSS

Exploits3References2

Tenable Nessus•added 2026/01/03 12:0 a.m.•0 views

EulerOS Virtualization 2.10.1 : ppp (EulerOS-SA-2026-1005)

According to the versions of the ppp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.CVE-2024-58250 Tenable has extracted the preceding description...

9.3CVSS5.5AI score0.0019EPSS

Exploits0References2

OSV•added 2025/12/09 1:16 a.m.•2 views

DEBIAN-CVE-2022-50655

In the Linux kernel, the following vulnerability has been resolved: ppp: associate skb with a device at tx Syzkaller triggered flow dissector warning with the following: r0 = openat$ppp0xffffffffffffff9c, &0x7f0000000000, 0xc0802, 0x0 ioctl$PPPIOCNEWUNITr0, 0xc004743e, &0x7f00000000c0...

5.3AI score0.00176EPSS

Exploits0References1

OSV•added 2025/12/09 12:0 a.m.•2 views

CVE-2022-50655 ppp: associate skb with a device at tx

6.3AI score0.00176EPSS

Exploits0References9

Positive Technologies•added 2025/12/09 12:0 a.m.•1 views

PT-2025-49669

In the Linux kernel, the following vulnerability has been resolved: l2tp: Avoid possible recursive deadlock in l2tp tunnel register When a file descriptor of pppol2tp socket is passed as file descriptor of UDP socket, a recursive deadlock occurs in l2tp tunnel register. This situation is reproduc...

6.2AI score0.00156EPSS

Exploits0References6

RedHat Linux•added 2025/11/11 8:21 a.m.•2 views

kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung

An out-of-bounds read vulnerability exists in the pppsynctxmunge function in the Linux kernel's PPP subsystem. Insufficient bounds checking on incoming PPP packets may lead to a kernel crash if a packet with an empty or truncated payload is processed...

7.1CVSS7.1AI score0.00161EPSS

Exploits0References5

Tenable Nessus•added 2025/11/05 12:0 a.m.•1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989862)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989862 advisory. In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'pppasyncencode' assumes valid LC...

5.5CVSS6.1AI score0.00287EPSS

Exploits0References4