675 matches found
PT-2021-19639 · Mongodb · Mongodb Server +1
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to and including 5.0.2. Description: An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are...
User may trigger invariant when allowed to send commands directly to shards
An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shar...
Cisco IOS and Cisco IOS XE Software Denial of Service Vulnerability (CNVD-2021-80668)
Cisco IOS and Cisco IOS XE Software are both products of the U.S. company Cisco. Cisco IOS is a set of operating systems developed for its network devices. Cisco IOS XE Software is an operating system. Cisco IOS XE Software is a single operating system for enterprise wired and wireless access, aggregatio...
Cisco IOS and Cisco IOS XE Software Denial of Service Vulnerability (CNVD-2021-80666)
Cisco IOS and Cisco IOS XE Software are both products of the U.S. company Cisco. Cisco IOS is a set of operating systems developed for its network devices. Cisco IOS XE Software is an operating system. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN,...
com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=4.0.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=4.0.0 <=5.2.1) +43 more potentially affected by CVE-2021-38153 via org.apache.kafka:kafka_2.13 (>=2.7.0 <=2.7.1)
org.apache.kafka:kafka_2.13 MAVEN version =2.7.0, =4.0.0, =4.0.0, =4.0.0, =4.0.1, =1.10, =2.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =2.2.1, =4.0.7 - io.github.embeddedkafka:embedded-kafka-connect2.13 =2.7.0 and more Source cves: CVE-2021-38153 Source advisory: OSV:GHSA-3J6G-HXX5-3Q26...
CVE-2021-34696
The CVE-2021-34696 entry affects Cisco ASR 900 and ASR 920 Series Aggregation Services Routers. The vulnerability originates from incorrect hardware programming when ACLs are configured by methods other than the configuration CLI, allowing an unauthenticated, remote attacker to bypass a configure...
CVE-2021-34696 Cisco ASR 900 and ASR 920 Series Aggregation Services Routers Access Control List Bypass Vulnerability
A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a...
Cisco ASR 900 Security Vulnerability
The Cisco ASR 900 is a 900 series aggregation services router from Cisco. A security vulnerability exists in the Cisco ASR 900 and ASR 920 that results from a hardware programming error when configuring ACLs using methods other than the configuration command line. An attacker could use this...
Internet Bug Bounty: Fragmentation and Aggregation Flaws in Wi-Fi
I discovered three design flaws in the Wi-Fi standard and widespread related implementation flaws (see GitHub overview and test tool). Here I'll specifically cover open source software. These findings have not received bug bounties from other sources. Implementation flaws allowing trivial packet...
The vulnerability of the implementation of the VXLAN technology by Juniper Networks’ Modular Port Concentrator devices for Junos OS-based MX routers allows an attacker to cause a service failure.
The vulnerability of the VXLAN technology implemented by Juniper Networks’ Modular Port Concentrator for Junos OS routers of the MX series is related to insufficient checking of unusual or exceptional states when using the LACP protocol. Exploiting this vulnerability can allow a malicious actor t...
Protect
On May 11th, 2021, Mathy Vanhoef (New York University Abu Dhabi) published a new paper, Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation, on a number of vulnerabilities in the base 802.11 protocol (802.11 is the standard that Wi-Fi is built on). The paper discloses three...
GSD-2021-1000259 udp: skip L4 aggregation for UDP tunnel packets
udp: skip L4 aggregation for UDP tunnel packets This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...
UVI-2021-1000259 udp: skip L4 aggregation for UDP tunnel packets
udp: skip L4 aggregation for UDP tunnel packets This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...
The vulnerability in the web interface for managing application data collection and aggregation from Cisco DNA Spaces Connector controllers and access points arises from the lack of measures to neutralize special elements used in the operating system’s command set. This allows attackers to escalate their privileges and execute arbitrary commands.
The vulnerability in the web interface for managing data collection and aggregation from Cisco DNA Spaces Connector controllers and access points is related to the failure to eliminate special elements used in the operating system’s command set. Exploiting this vulnerability can allow an attacker...
Juniper Junos OS DoS (JSA11125)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11125 advisory. On Juniper Networks Junos OS platforms with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but...
FragAttack: New Wi-Fi vulnerabilities that affect… basically everything
A new set of vulnerabilities with an aggressive name and their own website almost always bodes ill. The name FragAttack is a contraction of fragmentation and aggregation attacks, which immediately indicates the main area where the vulnerabilities were found. The vulnerabilities are mostly in how...
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
On May 11, 2021, the research paper Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation was made public. This paper discusses 12 vulnerabilities in the 802.11 standard. One vulnerability is in the frame aggregation functionality, two vulnerabilities are in the frame...
CVE-2021-0230
On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak. If all the available memory is consumed, the traffic wil...
CVE-2021-0230
CVE-2021-0230 affects Juniper Networks Junos OS on SRX Series devices with link aggregation (lag). When performing operations that fetch AE interface statistics (e.g., SNMP GET), a slow kernel memory leak can consume memory, potentially impacting traffic and requiring a reboot. Affected versions ...
PT-2021-12943 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on SRX Series versions 17.1R3 through 17.3R3-S10; Juniper Networks Junos OS on SRX Series versions 17.4 through 17.4R3-S4; Juniper Networks Junos OS on SRX Series versions 18.2 through 18.2R3-S6; Juniper Networks Junos ...