Lucene search
K

477 matches found

Cvelist
Cvelist
added last week32 views

CVE-2026-13564 Edimax EW-7478APC POST Request formPPPoESetup stack-based overflow

A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in stack-based buffer overflow. The attack can be initiated remotely...

9CVSS0.00751EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/25 6:2 p.m.6 views

CVE-2026-53075

A flaw was found in the Linux kernel's Point-to-Point Protocol PPP subsystem. A local unprivileged user can exploit this vulnerability by creating a new user namespace and bypassing authorization checks for unattached administrative input/output controls ioctls. This allows the user to perform...

8.8CVSS5.8AI score0.00182EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51897

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the PPPoE driver where the generic PPP layer function ppp input accepts Protocol Field Compression PFC frames, despite PFC not being recommended for PPPoE. If an...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51969

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Point-to-Point Protocol PPP implementation where /dev/ppp open is authorized against file-f cred-user ns, while unattached administrative ioctls operate on...

8.8CVSS5.8AI score0.00182EPSS
Exploits1References10
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: pppasync: Limited MRU to 64K. The syzbot triggered a warning 1 in allocpages: WARNONONCEGFP order MAXPAGEORDER, gfp. Willem fixed a similar issue in the commit c0a2a1b0d631 “ppp: limited MRU to 64K”. Apply the same sanity chec...

5.5CVSS6.5AI score0.00254EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.36 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM A

Question Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin CVE-2016-2106, CVE-2016-2109, CVE-2016-2176 "Business...

8.2CVSS7.2AI score0.2921EPSS
Exploits1Affected Software1
Cvelist
Cvelist
added 2026/06/16 9:3 p.m.36 views

CVE-2026-11409 OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

8.5CVSS0.02787EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.9 views

SUSE CVE-2026-46306

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

5.5CVSS5.4AI score0.00389EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/08 6:39 p.m.11 views

CVE-2026-46306

A flaw was found in the Linux kernel's flow dissector. This vulnerability allows a remote attacker to cause a Denial of Service DoS by sending a specially crafted Point-to-Point Protocol over Ethernet PPPoE Protocol Field Compression PFC frame to an affected system. The incorrect processing of...

7.5CVSS5.6AI score0.00389EPSS
Exploits0References4
NVD
NVD
added 2026/06/08 5:16 p.m.17 views

CVE-2026-46306

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

7.5CVSS0.00389EPSS
Exploits0References8
OSV
OSV
added 2026/06/08 5:16 p.m.13 views

UBUNTU-CVE-2026-46306

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

7.5CVSS5.3AI score0.00389EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/05/27 12:34 p.m.13 views

CVE-2026-45842

A flaw was found in the Linux kernel's SLIP Serial Line Internet Protocol and PPP Point-to-Point Protocol components. An unprivileged local user can exploit this vulnerability by manipulating the PPPIOCSMAXCID ioctl to configure the SLIP Compressed Header SLHC state incorrectly. This...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4
OSV
OSV
added 2026/05/27 11:16 a.m.4 views

UBUNTU-CVE-2026-45842

In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...

6.8CVSS5.8AI score0.00114EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:24 a.m.7 views

CVE-2026-45842

In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...

5.8AI score0.00114EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/05/27 9:24 a.m.34 views

CVE-2026-45842

CVE-2026-45842 concerns the Linux kernel slip module. When rslots are configured to 0 (no receive compression), the code may allocate a NULL rstate and set rslot_limit to 0. The receive path does not guard against this, causing slhc_uncompress() to dereference comp->rstate[x] if the VJ header ...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References8Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - pptp: Ensure a minimal skb length in pptpxmit. - Commit aabc6596ffb3 “net: ppp: Add bound checking for skb data on pppsynctxmung” fixed pppsynctxmunge. We need a similar fix in pptpxmit; otherwise, we might read uninit data ...

7.8CVSS6.3AI score0.00167EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable – incorrect pppoe tuple PPPoE traffic that reaches the ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in th...

5.5CVSS5.7AI score0.00228EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: ppp: Associating skb with a device at tx. Syzkaller triggered a flow dissector warning with the following code: c r0 = openat$ppp0xffffffffffffff9c, &0x7f0000000000, 0xc0802, 0x0 ioctl$PPPIOCNEWUNITr0, 0xc004743e,...

6AI score0.00176EPSS
Exploits0References1
CVE
CVE
added 2026/04/20 6:54 a.m.24 views

CVE-2026-6644

The CVE-2026-6644 entry describes a command-injection vulnerability in ADM PPTP VPN Clients that allows an administrative user to escape the restricted web environment and execute arbitrary OS commands, enabling Remote Code Execution and full system compromise. Affected are ADM versions 4.1.0–4.3...

9.4CVSS6.2AI score0.01451EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/20 6:54 a.m.31 views

CVE-2026-6644 A command injection vulnerability was found in the PPTP VPN Clients on the ADM

A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied...

9.4CVSS0.01451EPSS
Exploits1References1
Rows per page
Query Builder