191 matches found

EUVD
added 2026/06/12 2:6 p.m., 5 views

EUVD-2026-36435

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false server will not send Retry — acceptable, but validateToken...

7.5 CVSS | 5.2 AI score | 0.00232 EPSS
Exploits: 0 | References: 2

AlpineLinux
added 2026/05/20 9:21 a.m., 8 views

CVE-2026-42960

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...

10 CVSS | 5.7 AI score | 0.00311 EPSS
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in linux, linux-5.10

A flaw was discovered in the Linux SCTP stack. A blind attacker may be able to terminate an existing SCTP connection by using invalid chunks, provided that the attacker knows the IP addresses and port numbers being used, and that the attacker can send packets with spoofed IP addresses...

6.5 CVSS | 6.7 AI score | 0.01215 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/03/21 12:31 a.m., 6 views

EUVD-2026-13861

WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated...

7.5 CVSS | 5.8 AI score | 0.00328 EPSS
Exploits: 0 | References: 4

ATTACKERKB
added 2026/03/20 11:17 p.m., 2 views

CVE-2026-32666

WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated...

7.5 CVSS | 5.8 AI score | 0.00328 EPSS
Exploits: 0 | References: 4

CVE
added 2026/03/20 11:14 p.m., 7 views

CVE-2026-25086

CVE-2026-25086 affects Automated Logic WebCTRL Premium Server. Under certain conditions, an attacker could bind to the same port used by WebCTRL, enabling the crafting and sending of malicious packets and impersonation of the WebCTRL service without requiring code injection into WebCTRL. The prov...

7.7 CVSS | 5.9 AI score | 0.00151 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/20 12:0 a.m., 5 views

PT-2026-26701

Name of the Vulnerable Software and Affected Versions: WebCTRL (affected versions not specified). Description: WebCTRL systems utilizing BACnet communication are susceptible to an issue stemming from the protocol's inherent lack of network layer authentication. The software does not perform additional...

7.5 CVSS | 5.8 AI score | 0.00328 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001484)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001484 advisory. A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the...

6.5 CVSS | 6.5 AI score | 0.01215 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/09 11:46 a.m., 6 views

CVE-2010-0293

The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets...

5 CVSS | 6.9 AI score | 0.02696 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/10 11:33 a.m., 21 views

CVE-2025-40820

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only ...

8.7 CVSS | 6.9 AI score | 0.00417 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/12/09 6:30 p.m., 3 views

EUVD-2025-201923

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only ...

8.7 CVSS | 6.4 AI score | 0.00417 EPSS
Exploits: 0 | References: 2

NVD
added 2025/12/09 4:17 p.m., 4 views

CVE-2025-40820

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only ...

8.7 CVSS | 0.00417 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/09 10:44 a.m., 3 views

CVE-2025-40820

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only ...

8.7 CVSS | 6.5 AI score | 0.00417 EPSS
Exploits: 0 | References: 1

CVE
added 2025/12/09 10:44 a.m., 17 views

CVE-2025-40820

CVE-2025-40820 describes a vulnerability in Siemens’ IP stack (Interniche TCP/IP) affecting multiple Siemens products. The issue arises from improper enforcement of TCP sequence number validation, permitting an unauthenticated remote attacker to interfere with connection setup in TCP-based servic...

8.7 CVSS | 6.5 AI score | 0.00417 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/09 12:0 a.m., 3 views

PT-2025-49838

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only ...

8.7 CVSS | 6.9 AI score | 0.00417 EPSS
Exploits: 0 | References: 1

ICS
added 2025/12/09 12:0 a.m., 4 views

Siemens Interniche IP-Stack

SUMMARY: Multiple Industrial products are affected by a vulnerability in the Interniche IP-Stack. The affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to...

8.7 CVSS | 6.9 AI score | 0.00417 EPSS
Exploits: 0 | References: 10

FreeBSD
added 2025/10/15 12:0 a.m., 4 views

powerdns-recursor -- cache pollution

PowerDNS Team reports: It has been brought to our attention that the Recursor does not apply strict enough validation of received delegation information. The malicious delegation information can be sent by an attacker spoofing packets...

6.7 AI score
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2017-3682

Malware in sbrugna...

6.5 CVSS | 6.5 AI score | 0.00679 EPSS
Exploits: 2 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2017-3681

Malware in sbrugna...

6.5 CVSS | 6.6 AI score | 0.00654 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2002-2314

Malware in sbrugna...

4.3 CVSS | 6.4 AI score | 0.02306 EPSS
Exploits: 1 | References: 5