
107 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bridge: cfm: Fixed a race condition in the peer_mep deletion process. When a peer MEP is being deleted, the cancel_delayed_work_sync function is called on ccm_rx_dwork before freeing the object. However, br_cfm_frame_rx runs in a softirq...

CVSS 7.8, AI score 5.7, EPSS 0.001
Exploits: 0, References: 1

RedhatCVE
added 2026/06/10 3:0 a.m., 8 views

CVE-2026-36777

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the param1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...

CVSS 6.5, AI score 5.5, EPSS 0.00217
Exploits: 0, References: 1

Tenable Nessus
added 2026/04/27 12:0 a.m., 9 views

Juniper Junos OS Vulnerability (JSA100058)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100058 advisory. - An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line...

CVSS 7.1, AI score 5.6, EPSS 0.00275
Exploits: 0, References: 2

Vulnrichment
added 2026/03/27 7:52 p.m., 2 views

CVE-2026-4975 Tenda AC15 POST Request setcfm formSetCfm memory corruption

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has...

CVSS 9, AI score 7.9, EPSS 0.00632
Exploits: 1, References: 5

CVE
added 2026/03/27 7:52 p.m., 5 views

CVE-2026-4975

The CVE-2026-4975 entry affects the Tenda AC15 device (firmware 15.03.05.19). It targets the POST handler at /goform/setcfm, specifically the formSetCfm function, where manipulating the funcpara1 argument causes a stack-based buffer overflow. Impact is defined as high for confidentiality, integri...

CVSS 9, AI score 7.9, EPSS 0.00632
Exploits: 1, References: 5, Affected Software: 1

NVD
added 2026/03/27 12:16 a.m., 3 views

CVE-2026-4904

A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit...

CVSS 9, EPSS 0.00746
Exploits: 1, References: 5

RedhatCVE
added 2026/03/26 3:4 p.m., 2 views

CVE-2026-3972

A vulnerability was found in Tenda W3 1.0.0.32204. Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network...

CVSS 8.8, AI score 7.7, EPSS 0.00706
Exploits: 1, References: 1

UbuntuCve
added 2026/03/25 11:16 a.m., 3 views

CVE-2026-23393

In the Linux kernel, the following vulnerability has been resolved: bridge: cfm: Fix race condition in peer_mep deletion. When a peer MEP is being deleted, cancel_delayed_work_sync is called on ccm_rx_dwork before freeing. However, br_cfm_frame_rx runs in softirq context under rcu_read_lock without RTNL and...

CVSS 7.8, AI score 5.7, EPSS 0.001
Exploits: 0, References: 6

OSV
added 2026/03/25 11:16 a.m., 4 views

UBUNTU-CVE-2026-23393

In the Linux kernel, the following vulnerability has been resolved: bridge: cfm: Fix race condition in peer_mep deletion. When a peer MEP is being deleted, cancel_delayed_work_sync is called on ccm_rx_dwork before freeing. However, br_cfm_frame_rx runs in softirq context under rcu_read_lock without RTNL and...

CVSS 7.8, AI score 5.7, EPSS 0.001
Exploits: 0, References: 7

CVE
added 2026/03/25 10:33 a.m., 16 views

CVE-2026-23393

CVE-2026-23393 – Linux kernel (bridge/cfm) race fix: A race during peer MEP deletion could occur because br_cfm_frame_rx() could re-schedule ccm_rx_dwork while peer_mep is freed under RCU, risking use-after-free. The fix replaces cancel_delayed_work_sync() with disable_delayed_work_sync() in bot...

CVSS 7.8, AI score 5.7, EPSS 0.001
Exploits: 0, References: 4, Affected Software: 1

ATTACKERKB
added 2026/03/25 10:33 a.m., 1 views

CVE-2026-23393

In the Linux kernel, the following vulnerability has been resolved: bridge: cfm: Fix race condition in peer_mep deletion. When a peer MEP is being deleted, cancel_delayed_work_sync is called on ccm_rx_dwork before freeing. However, br_cfm_frame_rx runs in softirq context under rcu_read_lock without RTNL and...

AI score 5.6, EPSS 0.001
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2026/03/25 10:33 a.m., 25 views

CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion

In the Linux kernel, the following vulnerability has been resolved: bridge: cfm: Fix race condition in peer_mep deletion. When a peer MEP is being deleted, cancel_delayed_work_sync is called on ccm_rx_dwork before freeing. However, br_cfm_frame_rx runs in softirq context under rcu_read_lock without RTNL and...

CVSS 7.8, EPSS 0.001
Exploits: 0, References: 4

OSV
added 2026/03/25 10:33 a.m., 1 views

CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion

In the Linux kernel, the following vulnerability has been resolved: bridge: cfm: Fix race condition in peer_mep deletion. When a peer MEP is being deleted, cancel_delayed_work_sync is called on ccm_rx_dwork before freeing. However, br_cfm_frame_rx runs in softirq context under rcu_read_lock without RTNL and...

CVSS 7.8, AI score 5.7, EPSS 0.001
Exploits: 0, References: 7

Cvelist
added 2026/03/12 1:32 a.m., 27 views

CVE-2026-3972 Tenda W3 HTTP setcfm formSetCfm stack-based overflow

A vulnerability was found in Tenda W3 1.0.0.32204. Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network...

CVSS 8.8, EPSS 0.00706
Exploits: 1, References: 5

EUVD
added 2026/03/09 9:31 p.m., 4 views

EUVD-2026-10346

An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and...

AI score 6, EPSS 0.00327
Exploits: 0, References: 2

OSV
added 2026/03/09 4:16 a.m., 3 views

CVE-2026-3799

A flaw has been found in Tenda i3 1.0.0.62204. This impacts the function formSetCfm of the file /goform/setcfm. This manipulation of the argument funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used...

CVSS 8.8, AI score 6.2, EPSS 0.00632
Exploits: 1, References: 5

EUVD
added 2026/03/08 12:30 p.m., 3 views

EUVD-2026-10231

A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly...

CVSS 9, AI score 7.9, EPSS 0.00746
Exploits: 1, References: 6

CVE
added 2026/03/08 10:2 a.m., 12 views

CVE-2026-3728

Technical details beyond what is provided here are not publicly available in the supplied documents. Monitor for updates from vendors and CVE databases.

CVSS 9, AI score 6.3, EPSS 0.00746
Exploits: 1, References: 5, Affected Software: 1

Positive Technologies
added 2026/01/01 12:0 a.m., 5 views

PT-2026-27758

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A race condition exists in the bridge component when deleting a peer MEP (Maintenance Engineering Protocol). Specifically, the issue occurs because cancel_delayed_work_sync was called on c...

CVSS 7.8, AI score 5.8, EPSS 0.00175
Exploits: 0, References: 199

Positive Technologies
added 2025/12/15 12:0 a.m., 6 views

PT-2025-51298

Name of the Vulnerable Software and Affected Versions: Lucee version 5.4.2.17. Description: An authenticated attacker can inject malicious scripts through parameters in the administrative interface. This allows for the execution of arbitrary JavaScript in a victim’s browser session via crafted...

CVSS 4.8, AI score 5.9, EPSS 0.00311
Exploits: 0, References: 6