Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerabilities have been resolved: IGMP: Fixed race conditions related to sysctligmpqrv. When reading sysctligmpqrv, it can be changed concurrently. Therefore, we need to add READONCE to its readers. This test can be incorporated into a helper function; such...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001733)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001733 advisory. In ipcheckmcrcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet...

CVE-2025-50681

igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service application crash via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the recvigmp function in src/igmpproxy.c, an invalid group record type can...

EUVD-2025-27687

Malicious code in bioql PyPI...

UBUNTU-CVE-2025-38550

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc-idev in mlddeldelrec pmc-idev is still used in ip6mcclearsrc, so as mldcleardelrec does, the reference should be put after ip6mcclearsrc return...

Linux Distros Unpatched Vulnerability : CVE-2022-20141

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ipcheckmcrcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing...

Linux Distros Unpatched Vulnerability : CVE-2025-21884

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: better track kernel sockets lifetime While kernel sockets are dismantled during...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6send igmp6send can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use...

CVE-2023-34552

In certain EZVIZ products, two stack based buffer overflows in mulicastparsesadppacket and mulicastgetpacktype functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects...

SUSE CVE-2022-49590

In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctligmpllmreports. While reading sysctligmpllmreports, it can be changed concurrently. Thus, we need to add READONCE to its readers. This test can be packed into a helper, so such changes will be in...

Microsoft Pragmatic General Multicast Server PgmCloseConnection stale memory dereference

Talos Vulnerability Report TALOS-2024-2062 Microsoft Pragmatic General Multicast Server PgmCloseConnection stale memory dereference September 25, 2024 CVE Number CVE-2024-38140 SUMMARY A memory corruption vulnerability exists in the Pragmatic General Multicast server in Microsoft Windows 10 Kerne...

Stack overflow

In certain EZVIZ products, two stack based buffer overflows in mulicastparsesadppacket and mulicastgetpacktype functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects...

CVE-2023-34552

In certain EZVIZ products, two stack based buffer overflows in mulicastparsesadppacket and mulicastgetpacktype functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects...

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root rights Remote code execution User...

SUSE CVE-2011-0709

The brmdbipget function in net/bridge/brmulticast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an IGMP packet, related to lack of a multicast table...

SUSE CVE-2017-13767

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation...

Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild

Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP...

Tcpdump PIM Parser Buffer Overflow Vulnerability

Tcpdump is a set of sniffing tools developed by the Tcpdump team that run at the command line. The tools allow users to intercept and display TCP/IP and other packets sent or received over a network connection to that computer.PIM parser is one of the PIM multicast protocol parsers. A buffer...

Cisco IOS/IOS multicast subsystem denial of service vulnerability

Cisco IOS is the interconnected Internet operating system used on most Cisco Systems routers and network switches. A denial of service vulnerability exists in Cisco IOS/IOS XE Software in the multicast subsystem. Exploitation of this vulnerability by an unauthenticated, remote attacker could resu...

Microsoft Windows PGM Fragment Handling Denial of Service (MS08-036; CVE-2008-1441)

PGM is a reliable and scalable multicast protocol that enables receivers to detect loss, request retransmission of lost data, or notify an application of unrecoverable loss. The vulnerability is due to the PGM's parsing code that fails to properly handle malformed PGM packets that contain an...