1466 matches found
Astra Linux – Vulnerability in NTP
The praecisparse function in ntpd/refclockpalisade.c, within NTP 4.2.8p15, contains an out-of-bounds write vulnerability. Any attack method would be complex, for example, using a manipulated GPS receiver...
Astra Linux – Vulnerability in NTP
In the file libntp/mstolfp.c, within the NTP 4.2.8p15 version, there is a buffer overflow vulnerability when adding a decimal point. An attacker may be able to exploit a client ntpq process, but they cannot exploit ntpd...
Astra Linux – Vulnerability in NTP
In the mstolfp.c file within NTP 4.2.8p15, there is a buffer overflow vulnerability when a \0' character is added. An adversary may be able to attack a client ntpq process, but they cannot attack the ntpd process...
Astra Linux – Vulnerability in NTP
In NTP versions prior to 4.2.8p14 and 4.3.x before 4.3.100, ntpd allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address. This occurs because transmissions are rescheduled even when a packet lacks a valid origin timestamp...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - ice: Fixed the issue where calls to PF PTP cleanup the iceptpcleanuppf function and the pslock mutex deinitialization were missed during the error path when removing a driver. This issue could occur either at the driver prob...
Astra Linux – Vulnerability in NTP
In NTP versions 4.2.8, 4.2.8p15, and 4.3.x, before 4.3.101, remote attackers could cause a denial of service memory consumption by sending packets. This occurs because memory is not released in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ptp: Unregistering virtual clocks when unregistering a physical clock. When unregistering a physical clock that contains virtual clocks, the virtual clocks must also be unregistered. This fix resolves the following errors that...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: always set shared-phydev for LAN8814 Currently, during the LAN8814 PTP probe, shared-phydev is only set if the PTP clock is actually set. Otherwise, the function returns before setting it. This is a problem...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ice: Do not process extts if PTP is disabled The iceptpexttsevent function can race with iceptprelease, resulting in a NULL pointer dereferencing, which can lead to a kernel panic. A panic occurs because the iceptpexttsevent...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fixed use-after-free bugs in otx2synctstamp. The original code relies on canceldelayedwork in otx2ptpDestroy, which does not ensure that the delayed work item synctstampwork has fully completed if it was already...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: A memory barrier is required to ensure that the PTP WQ xmit submission tracking occurs after populating the metadatamap. Simply reordering the functions mlx5eptpmetadatamapput and mlx5eptpsqtrackmetadata within the...
GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay
A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the rtpqdm2depay component allows a remote attacker to execute arbitrary code. The flaw occurs due to insufficient validation of user-supplied data length during the processing of X-QDM Real-time Transport Protocol RT...
GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay
A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the rtpqdm2depay component allows a remote attacker to execute arbitrary code. The flaw occurs due to insufficient validation of user-supplied data length during the processing of X-QDM Real-time Transport Protocol RT...
GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay
A flaw was found in GStreamer. This out-of-bounds write vulnerability exists within the rtpqdm2depay element, specifically during the processing of X-QDM Real-time Transport Protocol RTP payload elements. A remote attacker can exploit this by providing malformed user-supplied data to the packetid...
CVE-2026-36741
U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Command Injection. The Network Time Protocol NTP configuration interface does not properly sanitize user-supplied input. An authenticated user with permission to configure NTP settings can inject arbitrary system commands...
EUVD-2026-30044
U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Command Injection. The Network Time Protocol NTP configuration interface does not properly sanitize user-supplied input. An authenticated user with permission to configure NTP settings can inject arbitrary system commands...
CVE-2026-36741
U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Command Injection. The Network Time Protocol NTP configuration interface does not properly sanitize user-supplied input. An authenticated user with permission to configure NTP settings can inject arbitrary system commands...
CVE-2026-36741
U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Command Injection. The Network Time Protocol NTP configuration interface does not properly sanitize user-supplied input. An authenticated user with permission to configure NTP settings can inject arbitrary system commands...
U-SPEED AC1200 安全漏洞
The U-SPEED AC1200 is a Gigabit dual-band Wi-Fi router produced by the U-SPEED company. The U-SPEED AC1200 T18-21K V1.0 version contains a security vulnerability. This vulnerability arises from the incorrect handling of user input in the NTP configuration interface. As a result, authenticated use...
PT-2026-40706
Name of the Vulnerable Software and Affected Versions U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K version 1.0 Description The Network Time Protocol NTP configuration interface fails to properly sanitize user-supplied input. An authenticated user with permissions to modify NTP settings can...