EUVD-2026-33066

Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed...

CVE-2026-39929

Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed...

corosync security update

An update is available for corosync. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The corosync packages provide the Corosync Cluster Engine and C APIs for Roc...

corosync security update

An update is available for corosync. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The corosync packages provide the Corosync Cluster Engine and C APIs for...

corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol UDP packet. This can lead to an out-of-bounds read, causing a denial of service...

CVE-2026-31633

In the Linux kernel rxrpc subsystem, CVE-2026-31633 is addressed by fixing an integer overflow in rxgk_verify_response(). The bug arises when token_len is rounded up before the length check, allowing the check to be bypassed. The patch ensures the unrounded token_len is also compared against len,...

Linux Distros Unpatched Vulnerability : CVE-2026-40613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer...

CVE-2025-27918

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. It has an integer overflow and resultant heap-based buffer overflow via a UDP packet during processing o...

CVE-2025-59668

CVE-2025-59668 affects NIHON KOHDEN Central Monitor CNS-6201. Multiple versions are vulnerable to a NULL pointer dereference when processing a specially crafted UDP packet, causing the receiving process to terminate abnormally and leading to a denial-of-service. The attack is network-based with n...

CVE-2025-57220

CVE-2025-57220 describes an input validation flaw in the ate service of the Tenda AC10 v4.0 firmware (v16.03.10.09_multi_TDE01) that allows privilege escalation to root via a specially crafted UDP packet. Affected component is the ate service on the AC10, with network-based exploit potential (att...

corosync: Stack buffer overflow from 'orf_token_endian_convert'

A flaw was found in Corosync. In affected versions, a stack-based buffer overflow may be triggered via a large UDP packet in configurations where encryption is disabled or if an attacker knows the encryption key. This issue can lead to an application crash or other undefined behavior...

CVE-2025-46629

Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where 'ate' has been enabled by sending a crafted UDP packet...

AZL-59189 CVE-2025-30472 affecting package corosync 3.0.4-3

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orftokenendianconvert in exec/totemsrp.c via a large UDP packet...

Security update for openvswitch

This update for openvswitch fixes the following issues: CVE-2025-0650: ovn: egress ACLs may be bypassed via specially crafted UDP packet. bsc1236353 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternativel...

Open Virtual Network 访问控制错误漏洞

Open Virtual Network OVN is an open virtual network open sourced by Open Virtual Network. A security vulnerability exists in Open Virtual Network OVN that stems from a specially constructed UDP packet that can bypass an egress ACL, resulting in unauthorized access to virtual machines and containe...

CVE-2023-47279

In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying...

net-snmp: NULL Pointer Exception when handling ipDefaultTTL

A vulnerability was found in Net-SNMP. This issue occurs because the handleipDefaultTTL function in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP has a NULL Pointer Exception flaw that allows a remote attacker who has to write access to cause the instance to crash via a crafted UDP packet,...

SUSE CVE-2006-1999

The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause a denial of service via a UDP packet with an incorrect size, which causes the client to return to the main menu...

SUSE CVE-2012-5965

Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType aka urn device field in a U...

DEBIAN-CVE-2022-44792

handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...