7000 matches found
Arcserve Unified Data Protection - Unauthenticated DoS in ASNative.dll
A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll. id: CVE-2024-0801 info: name: Arcserve Unified Data Protection - Unauthenticated DoS in ASNative.dll author: daffainfo severity: high description: | A denial of service vulnerability exists i...
Arcserve UDP <= 9.0.6034 - Authentication Bypass
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute a...
CVE-2026-53362
A flaw was found in the Linux kernel's ipv6 networking subsystem. An incorrect parameter length calculation allows an attacker with permissions to create UDP sockets to trigger overwrites of kernel memory, potentially leading to privilege escalation, data corruption, or a system crash. Mitigation...
CVE-2026-11352
An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...
CVE-2026-58465
The CVE affects Eclipse Wakaama before snapshot/2026-05-26, with an unbounded memory allocation in the CoAP Block1 handler (coap/block.c). Unauthenticated remote attackers can exhaust memory by sending a sequence of Block1 PUT requests with incrementing block numbers to the registration endpoint ...
CVE-2026-55950
Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtlspacketdemux genserver process to route incoming UDP...
BIT-ENVOY-2026-48497 Envoy: Abnormal process termination in DNS UDP filter
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long...
CVE-2026-13799
Use after free in QUIC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. Chromium security severity: High...
OPENSUSE-SU-2026:21184-1 Security update for coturn
This update for coturn fixes the following issues: Changes in coturn: - Update to version 4.14.0 New No more dependency on prometheus-client-c HTTPS support for prometheus client optional TLS support for redis - now compatible with managed redis optional. Rate limiting "401 Unauthorized" response...
Linux Distros Unpatched Vulnerability : CVE-2026-53184
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - udp: clear skb-dev before running a sockmap verdict On the UDP receive path skb-dev is repurposed as devscratch the truesize/state cache set by udpsetdevscratc...
GHSA-QH5X-RFWF-RVFV Hysteria vulnerable to server crash when max_datagram_frame_size very small
Summary An authenticated client can crash the Hysteria server by advertising a very small QUIC maxdatagramframesize and then triggering a UDP response from the server. When the server tries to send the UDP response back via QUIC DATAGRAM, quic-go returns DatagramTooLargeError. The server then...
CVE-2026-53151
A flaw was found in the Linux kernel's AFRXRPC subsystem. This vulnerability involves incorrect handling of fragmented UDP packets when parsing the SACK Selective Acknowledgment table. An attacker could potentially craft a fragmented UDP packet to trigger an incorrect buffer access within the...
CVE-2026-53184
A flaw was found in the Linux kernel. When a User Datagram Protocol UDP socket is configured with a sockmap, and a BPF Berkeley Packet Filter program attached to it calls a socket-lookup helper, the skb-dev field is not properly cleared. This improper handling of the skb-dev field can lead to a...
CVE-2026-53184
In the Linux kernel, the following vulnerability has been resolved: udp: clear skb-dev before running a sockmap verdict On the UDP receive path skb-dev is repurposed as devscratch the truesize/state cache set by udpsetdevscratch, through the union struct netdevice dev; unsigned long devscratch; i...
UBUNTU-CVE-2026-53184
In the Linux kernel, the following vulnerability has been resolved: udp: clear skb-dev before running a sockmap verdict On the UDP receive path skb-dev is repurposed as devscratch the truesize/state cache set by udpsetdevscratch, through the union struct netdevice dev; unsigned long devscratch; i...
EUVD-2026-39326
In the Linux kernel, the following vulnerability has been resolved: net: add pskbmaypull to skbgroreceivelist skbgroreceivelist calls skbpullskb, skbgrooffsetskb without first ensuring the data is in the linear area via pskbmaypull. When the skb arrives via napigrofrags, skbheadlen can be 0 all...
CVE-2026-53184 udp: clear skb->dev before running a sockmap verdict
In the Linux kernel, the following vulnerability has been resolved: udp: clear skb-dev before running a sockmap verdict On the UDP receive path skb-dev is repurposed as devscratch the truesize/state cache set by udpsetdevscratch, through the union struct netdevice dev; unsigned long devscratch; i...
EUVD-2026-39275
In the Linux kernel, the following vulnerability has been resolved: udp: clear skb-dev before running a sockmap verdict On the UDP receive path skb-dev is repurposed as devscratch the truesize/state cache set by udpsetdevscratch, through the union struct netdevice dev; unsigned long devscratch; i...
CVE-2026-53151
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for parsing Fix modification of the received skbuff in rxrpcinputsoftacks and a potential incorrect access of the buffer in a fragmented UDP packet the packet would probably hav...
CVE-2026-53151
CVE-2026-53151 concerns the Linux kernel AF_RXRPC subsystem, where legacy parsing of the SACK table could trigger an invalid buffer access when processing fragmented UDP packets. The fix updates rxrpc_input_soft_acks() and rxrpc_input_ack() logic so that SACK contents are not copied into a flat b...