14 matches found
CVE-2026-23304
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix NULL pointer deref in ip6rtgetdevrcu l3mdevmasterdevrcu can return NULL when the slave device is being un-slaved from a VRF. All other callers deal with this, but we lost the fallback to loopback in ip6rtpcpualloc -...
CVE-2026-23304
The connected advisories confirm CVE-2026-23304 affects the Linux kernel IPv6 routing code. Root cause: l3mdev_master_dev_rcu() can return NULL when a slave device is un-slaved from a VRF, and ip6_rt_get_dev_rcu() used by ip6_rt_pcpu_alloc() did not fall back to loopback, causing a NULL pointer d...
Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56840)
Code injection can be achieved when the affected device is using VRF Virtual Routing and Forwarding. An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
SUSE SLES12 Security Update : kernel (Live Patch 64 for SLE 12 SP5) (SUSE-SU-2025:03577-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03577-1 advisory. This update for the Linux Kernel 4.12.14-122244 fixes several issues. The following security issues were fixed: - CVE-2024-53168: sunrpc: fix...
SUSE SLES15 Security Update : kernel (Live Patch 55 for SLE 15 SP3) (SUSE-SU-2025:03529-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03529-1 advisory. This update for the Linux Kernel 5.3.18-15030059198 fixes several issues. The following security issues were fixed: - CVE-2024-53168: sunrpc:...
SUSE-SU-2025:03539-1 Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024141 fixes several issues. The following security issues were fixed: - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket bsc1243650. - CVE-2024-50154: tcp/dccp: Do not use timerpending in reqskqueueunlink bsc1233072. -...
SUSE-SU-2025:20819-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_2
This update for kernel-livepatch-MICRO-6-0-RTUpdate2 fixes the following issues: - CVE-2024-50154: tcp/dccp: Don't use timerpending in reqskqueueunlink bsc1233072 - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing bsc1237048 - CVE-2025-21791: vrf: use RCU protection in l3mdevl3out bsc124074...
Juniper Junos OS Vulnerability (JSA100060)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100060 advisory. - A Missing Authorization vulnerability in the internal virtual routing and forwarding VRF of Juniper Networks Junos OS Evolved allows a local, low-privileged user to gain...
SUSE CVE-2024-49980
In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. devqueuexmitnit is expected to be called with BH disabled. devqueuexmit has the following: / Disable soft...
Cisco IOS XE Software IPv6 VPN over MPLS DoS (cisco-sa-iosxe-6vpe-dos-tJBtf5Zv)
A vulnerability in the implementation of IPv6 VPN over MPLS 6VPE with Zone-Based Firewall ZBFW of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected device. This vulnerability is due to improper error handling of an IPv6...
The vulnerability of Cisco IOS and IOS XE operating system SSH servers allows attackers to circumvent security restrictions.
The vulnerability of Cisco IOS and IOS XE operating systems’ SSH servers is related to errors in the mechanisms for checking access to the SSH server, originating from instances of Virtual Routing and Forwarding VRF. Exploiting this vulnerability can allow a malicious actor to establish an SSH...
CVE-2018-0484
A vulnerability in the access control logic of the Secure Shell SSH server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding VRF instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a...
CVE-2015-5434
HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding VRF hopping."...
CVE-2015-5434
HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding VRF hopping."...