Threats Tagged 'cwe-1286'

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being processed. There is no impact to non-IPsec traffic or to IPsec traffic not originating or terminating on the system. This issue was reported by an Arista customer.

CVE-2026-24092 is a high-severity vulnerability in Qualcomm Snapdragon devices involving memory corruption triggered by processing fastboot commands to set display mode. The flaw is due to improper validation of the syntactic correctness of input. This vulnerability can lead to complete confidentiality, integrity, and availability compromise. No patch or official remediation has been confirmed yet. The affected versions are not explicitly stated.

CVE-2026-24091 is a high severity vulnerability in Qualcomm Snapdragon devices involving memory corruption triggered by improperly formatted fastboot commands. The flaw stems from improper validation of the syntactic correctness of input, classified under CWE-1286. This vulnerability can lead to complete compromise of confidentiality, integrity, and availability. No patch or official remediation guidance has been provided yet, and no known exploits are reported in the wild. The affected versions are not explicitly stated.

CVE-2026-24089 is a high-severity vulnerability in Qualcomm Snapdragon devices involving memory corruption triggered by processing fastboot commands with invalid input. The flaw relates to improper validation of the syntactic correctness of input data, classified under CWE-1286. This vulnerability can lead to significant confidentiality, integrity, and availability impacts. No official patch or remediation guidance has been provided yet.

CVE-2026-24087 is a high-severity vulnerability in Qualcomm Snapdragon devices involving memory corruption triggered by processing fastboot OEM commands. The flaw relates to improper validation of the syntactic correctness of input, classified under CWE-1286. This vulnerability can lead to complete confidentiality, integrity, and availability compromise. No patch or official remediation guidance is currently available, and no known exploits are reported in the wild.

Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash

Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check that uncompressed IPv6 addresses (without ::) have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of wrong length (3, 7, or 15 bytes instead of 17). The packed values are used internally for mask and comparison operations. find() and bin_find() use Perl string comparison (lt/gt) on these values, and comparing strings of different lengths gives wrong results. This can cause find() to incorrectly report an address as inside or outside a range. Example: my $cidr = Net::CIDR::Lite->new("::/8"); $cidr->find("1:2:3"); # invalid input, incorrectly returns true This is the same class of input validation issue as CVE-2021-47154 (IPv4 leading zeros) previously fixed in this module. See also CVE-2026-40199, a related issue in the same function affecting IPv4 mapped IPv6 addresses.

An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS). If an affected device receives a specifically malformed first ISAKMP packet from the initiator, the kmd/iked process will crash and restart, which momentarily prevents new security associations (SAs) for from being established. Repeated exploitation of this vulnerability causes a complete inability to establish new VPN connections. This issue affects Junos OS on SRX Series and MX Series: * all versions before 22.4R3-S9, * 23.2 version before 23.2R2-S6, * 23.4 version before 23.4R2-S7, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S3, * 25.2 versions before 25.2R1-S2, 25.2R2.

An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device.

CVE-2024-51982 is a high-severity vulnerability affecting the Brother HL-L8260CDN printer. An unauthenticated attacker able to connect to TCP port 9100 can send a malformed Printer Job Language (PJL) command with a non-numeric FORMLINES variable, causing the device to crash and reboot. This can be repeatedly exploited to cause denial of service. There is no information about an available patch or official remediation at this time.