24124 matches found
CVE-2026-57020
CVE-2026-57020 affects Junos OS on Juniper’s QFX10000 Series. The issue arises in the packet forwarding engine (pfe) where an unauthenticated, adjacent attacker can trigger a DoS by sending IPv6 multicast traffic in an EVPN-VxLAN setup; if these packets reach the spine’s non-IRB interface, they f...
CVE-2026-57019 Junos OS: MX Series: Specific traffic causes an FPC to reset
An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. When a specific packet is received from device in the same broadcast...
CVE-2026-57019
An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. When a specific packet is received from device in the same broadcast...
EUVD-2026-42701
An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS.Micro-BFD session flaps generate respective up/down events which are queued by PFEMAN for...
CVE-2026-33800 Junos OS: MX Series: In a VC scenario a high rate of micro-BFD session flaps will cause an FPC crash
An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS.Micro-BFD session flaps generate respective up/down events which are queued by PFEMAN for...
CVE-2026-33800
CVE-2026-33800 affects Junos OS on MX Series (MX FPCs up to MPC9). The issue is caused by an unchecked input for a loop condition in PFEMAN, where high-rate Micro-BFD session flaps queue events and a VC with locality-bias amplifies processing time, causing PFEMAN to miss processing and the PFEMAN...
CVE-2026-60094
Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by sending a malformed TCP packet with an unchecked bodylen field to the agentlinkserver service. Attackers can craf...
CVE-2026-60094
Vulnerability overview (CVE-2026-60094): Vinchin Backup & Recovery up to 9.0.0.86562 is affected by a heap buffer overflow in the agentlink_server. According to the records, an unauthenticated remote attacker can send a malformed TCP packet with an unchecked body_len field, passing an attacker-co...
EUVD-2026-42587
Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by sending a malformed TCP packet with an unchecked bodylen field to the agentlinkserver service. Attackers can craf...
CVE-2026-15173
A flaw was found in Wireshark. A remote attacker could exploit a vulnerability in the pcapng file parser, leading to a crash of the application. This denial of service DoS could prevent legitimate users from accessing the service, impacting its availability. Mitigation To mitigate this issue, use...
CVE-2026-15165
A flaw was found in Wireshark. This vulnerability allows a remote attacker to cause a denial of service by crafting a malicious TLS Encrypted Client Hello ECH packet. When Wireshark attempts to decrypt this malformed packet, it can lead to a crash of the application, making it unavailable...
CVE-2026-15172
A flaw was found in Wireshark. A local user could exploit this vulnerability by processing a specially crafted FMP/NOTIFY protocol packet. This could lead to a denial of service DoS due to a crash in the protocol dissector, making the application unavailable. Mitigation To mitigate this issue,...
CVE-2026-29008
U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...
CVE-2026-29008
U-Boot 2026.04-rc3 contains a vulnerability in tcp_rx_state_machine() (net/tcp.c) that can crash the bootloader via a malformed TCP SYN+ACK with manipulated data offset, causing payload_len to become negative. The negative value is implicitly converted to a large unsigned integer and passed to me...
CVE-2026-29007
CVE-2026-29007 affects U-Boot (versions up to 2026.04-rc3) with CONFIG_PROT_TCP enabled. The issue is an out-of-bounds read in tcp_rx_state_machine() (net/tcp.c) triggered by a crafted IP packet whose total length and TCP data offset fields are mismatched, e.g., IP length 40 bytes and TCP header ...
389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...
389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...
389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...
Important: Red Hat Security Advisory: redhat-ds:12 security update
An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.2 E4S for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...