Linux Distros Unpatched Vulnerability : CVE-2026-10846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and...

FreeBSD : FreeBSD -- Insufficient response validation in the ldns stub resolver (fc0c7763-6477-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fc0c7763-6477-11f1-958d-bc241121aa0a advisory. When used as a stub resolver over UDP, ldns failed to verify that a received response belonged to the...

CVE-2026-10846 Insufficient verification that responses belong to a query

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

UBUNTU-CVE-2026-10846

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

FreeBSD Security Advisory - FreeBSD-SA-26:36.ldns

FreeBSD Security Advisory - When used as a stub resolver over UDP, ldns failed to verify that a received response belonged to the outstanding query. It did not check that the response source address and port matched the query destination, that the transaction ID matched, or that the question...

ALPINE-CVE-2026-3238

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

NLnet Labs Routinator 安全漏洞

NLnet Labs Routinator is an open-source RPKI routing origin verification service developed by NLnet Labs. There is a security vulnerability in NLnet Labs Routinator, which may lead to crashes when encountering files defined using a special document type via RRDP...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

CVE-2026-9054

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...

CVE-2026-42920

When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

[SECURITY] Fedora 43 Update: libre-4.8.1-1.fc43

Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...

AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle

Summary This report covers the client-triggered DoQ forwarding path in: - dnsproxy v0.81.2 adguard/dnsproxy:v0.81.2 - AdGuard Home v0.107.74 adguard/adguardhome:latest, image version label v0.107.74 The issue was reproduced on 2026-04-25 with the products configured through their documented DoQ...

RockyLinux 10 : corosync (RLSA-2026:19043)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19043 advisory. corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via intege...

[SECURITY] [DLA 4608-1] corosync security update

Debian LTS Advisory DLA-4608-1 [email protected] https://www.debian.org/lts/security/ Emmanuel Arias May 30, 2026 https://wiki.debian.org/LTS Package : corosync Version : 3.1.2-2+deb11u2 CVE ID : CVE-2026-35091 CVE-2026-35092 Debian Bug : 1133837 1133838 Two vulnerabilities have been...

OESA-2026-2494 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict check when using hash2 When binding a udpsock to a local address and port, UDP uses two hashes udptable-hash and udptable-hash2 f...

EUVD-2026-33066

Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed...

CVE-2026-39929

CVE-2026-39929 concerns Lakeside SysTrack Agent prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, and 11.5.0.15, where the out-of-bounds read occurs in the UDP Command ID 30 packet handler. The root cause is an invalid memory access triggered by a malformed UDP packet at offset 0x4 in the payload, leadin...

CVE-2026-39929 Lakeside SysTrack Agent LsiAgent.exe Out-of-Bounds Read via UDP

Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed...

PT-2026-44541

Name of the Vulnerable Software and Affected Versions Lakeside SysTrack Agent versions prior to 11.2.1.28 Lakeside SysTrack Agent versions prior to 11.3.0.38 Lakeside SysTrack Agent versions prior to 11.4.0.24 Lakeside SysTrack Agent versions prior to 11.5.0.15 Description An out-of-bounds read...