22581 matches found
CVE-2026-57028
CVE-2026-57028 affects Juniper Networks Junos OS Evolved. An incorrectly initialized process meant to communicate only internally can be reached over the network via an open port, enabling an unauthenticated, network-based attacker to gain unauthorized access to license management. Affected scope...
CVE-2026-57028 Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion. Due to an incorrect initialization, a process which should only be able to communicate internall...
CVE-2026-33803
CVE-2026-33803 (Junos OS Evolved) : A wrong initialization allows a process that should be internal to be reachable over the network via an open port, exposing the device and increasing CPU usage from ingress processing. Affects Junos OS Evolved releases prior to the following: 23.2R2-S7-EVO, 23....
CVE-2026-33803 Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process whi...
CVE-2026-33803
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process whi...
CVE-2026-60109
Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRBERROR message with error-code 25 KDCERRPREAUTHREQUIRED containing a PA-DATA element with padata-type 2, 3,...
CVE-2026-14362
A flaw was found in HashiCorp memberlist. An attacker with network access to the gossip port could exploit a vulnerability in the push/pull state handling. This could lead to memory exhaustion on a receiving node, causing the process to terminate. This flaw results in a Denial of Service DoS...
CVE-2026-60109 Zeek < 8.0.9 Null Pointer Dereference DoS via Kerberos KRB_ERROR Parsing
Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRBERROR message with error-code 25 KDCERRPREAUTHREQUIRED containing a PA-DATA element with padata-type 2, 3,...
CVE-2026-60109 Zeek < 8.0.9 Null Pointer Dereference DoS via Kerberos KRB_ERROR Parsing
Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRBERROR message with error-code 25 KDCERRPREAUTHREQUIRED containing a PA-DATA element with padata-type 2, 3,...
EUVD-2026-42598
Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRBERROR message with error-code 25 KDCERRPREAUTHREQUIRED containing a PA-DATA element with padata-type 2, 3,...
CVE-2026-60109
Zeek
CVE-2026-60109 Zeek < 8.0.9 Null Pointer Dereference DoS via Kerberos KRB_ERROR Parsing
Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRBERROR message with error-code 25 KDCERRPREAUTHREQUIRED containing a PA-DATA element with padata-type 2, 3,...
EUVD-2026-42517
Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...
PT-2026-56810
Name of the Vulnerable Software and Affected Versions Zeek versions prior to 8.0.9 Description A null pointer dereference exists in the Kerberos protocol analyzer. An unauthenticated remote attacker can cause the sensor to crash by sending a specially crafted KRB ERROR message with error-code 25...
CVE-2025-45422
Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules...
CVE-2025-45422
The CVE-2025-45422 entry concerns Proximus b-box v8c.725A and describes an Incorrect access control vulnerability. According to the sources, authenticated attackers can bypass normal restrictions and make arbitrary changes to port forwarding rules. The NVD metrics indicate a CVSS 3.1 base score o...
EUVD-2026-42077
Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE...
Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE
Summary Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port TCP 24282, hardcoded as 0x5EDA in constants.py. The server has no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage to reach...
CVE-2026-14362
HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-14362 is fix...
EUVD-2026-42342
HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-14362 is fix...