157 matches found
CVE-2026-42920
When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-42920
When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-42920
CVE-2026-42920 affects BIG-IP DTLS: when a Client SSL profile has Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate, resulting in a DoS as TMM restarts. The F5 advisory notes this is a data-plane issue with rem...
CVE-2026-42920 BIG-IP DTLS Vulnerability
When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-42920 BIG-IP DTLS Vulnerability
When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
K000160901: BIG-IP DTLS vulnerability CVE-2026-42920
Security Advisory Description When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2026-42920 Impact Traffic is disrupted while the TMM process restarts. This...
PT-2026-40675
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic ca...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP. This vulnerability arises from the...
Netty Lz4FrameDecoder is vulnerable to resource exhaustion
Summary Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if compressedLength == 1 - to force that allocation. Details...
EUVD-2026-27804
In the Linux kernel, the following vulnerability has been resolved: ntb: ntbhwswitchtec: Fix array-index-out-of-bounds access Number of MW LUTs depends on NTB configuration and can be set to MAXMWS, This patch protects against invalid index out of bounds access to mwsizes When invalid access prin...
CVE-2026-41667
Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0...
Linux Distros Unpatched Vulnerability : CVE-2026-31641
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxrpc: Fix RxGK token loading to check bounds rxrpcpreparsexdryfsrxgk reads the raw key length and ticket length from the XDR token as u32 values and passes eac...
CVE-2026-31641
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix RxGK token loading to check bounds rxrpcpreparsexdryfsrxgk reads the raw key length and ticket length from the XDR token as u32 values and passes each through roundupx, 4 before using the rounded value for validation a...
CVE-2026-31641
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix RxGK token loading to check bounds rxrpcpreparsexdryfsrxgk reads the raw key length and ticket length from the XDR token as u32 values and passes each through roundupx, 4 before using the rounded value for validation a...
CVE-2026-31630
In the Linux kernel, the following vulnerability has been resolved: rxrpc: proc: size address buffers for %pISpc output The AFRXRPC procfs helpers format local and remote socket addresses into fixed 50-byte stack buffers with "%pISpc". That is too small for the longest current-tree IPv6-with-port...
EUVD-2026-25523
In the Linux kernel, the following vulnerability has been resolved: rxrpc: proc: size address buffers for %pISpc output The AFRXRPC procfs helpers format local and remote socket addresses into fixed 50-byte stack buffers with "%pISpc". That is too small for the longest current-tree IPv6-with-port...
CVE-2026-31630
In the Linux kernel, the following vulnerability has been resolved: rxrpc: proc: size address buffers for %pISpc output The AFRXRPC procfs helpers format local and remote socket addresses into fixed 50-byte stack buffers with "%pISpc". That is too small for the longest current-tree IPv6-with-port...
CVE-2026-41078 OpenTelemetry dotnet: Potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path
OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...
CVE-2026-41078 OpenTelemetry dotnet: Potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path
OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...
CVE-2026-41078
OpenTelemetry dotnet CVE-2026-41078 affects OpenTelemetry.Exporter.Jaeger (pre-1.6.0-rc.1 and earlier). The issue: memory pressure caused by unbounded pooled-list sizing in the Jaeger exporter conversion path, where oversized allocations from large span/tag sets can be reused for later allocation...