PT-2025-49838

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only ...

EUVD-2021-27041

Malware in sbrugna...

EUVD-2024-31553

Malicious code in bioql PyPI...

EUVD-2024-22995

Malicious code in bioql PyPI...

CVE-2024-25679

In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTIONCLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation...

CVE-2024-33844

The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAVMISSIONTYPE0, 1, 2, 255, which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSIONCOUNT command with a wrong MAVMISSIONTYPE...

CVE-2021-34150

The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections disabling the AB5301A inqui...

CVE-2024-34036

An issue was discovered in O-RAN Near Realtime RIC I-Release. To exploit this vulnerability, an attacker can disrupt the initial connection between a gNB and the Near RT-RIC by inundating the system with a high volume of subscription requests via an xApp...

CVE-2025-23028 DoS in Cilium agent DNS proxy from crafted DNS responses

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A denial of service vulnerability affects versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4. In a Kubernetes cluster where Cilium is configured to proxy DNS traffic, an...

PT-2024-25506 · Parrot · Parrot Anafi Usa

Name of the Vulnerable Software and Affected Versions: Parrot ANAFI USA firmware version 1.10.4 Description: The issue concerns a lack of validation for the MAV MISSION TYPE in the Parrot ANAFI USA firmware, specifically for values 0, 1, 2, and 255. This allows an attacker to disrupt the connecti...

CVE-2024-25679

Affected software : PQUIC (open source). Vulnerability : retention of unused initial encryption keys can disrupt a PSK-configured connection by sending a CONNECTION_CLOSE frame encrypted with the initial key computed (pre-5bde5bb). Impact : confidentiality impact HIGH; availability impact LOW; ot...

Extended ICA connection interruption during NetScaler HA failover on Azure

Users are encountering extended ICA connection interruptions during NetScaler High Availability HA failover events within the Azure environment. The HA node pairs have been configured on Azure, with VPX serving as the Citrix Gateway for a Citrix Virtual Apps and Desktops CVAD environment. Upon...

CVE-2021-34144

The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMPSCOLinkRequest packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections disabling the AB5301A inqui...

mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS

A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection, causing a denial of service of the MySQL Connectors...

Denial of Service Vulnerability in Omron Small PLC Series CP1L (CNVD-2020-58493)

CP1L is Omron's compact PLC series, an all-in-one PLC with built-in pulse output, analog input/output, and serial communication functions. A denial of service vulnerability exists in Omron Small PLC Series CP1L, which can be exploited by attackers to cause a device connection to be interrupted...

CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

Wind River VXWorks TCP Predictable Vulnerability

VxWorks is a real-time operating system widely used on ICS-related devices. VxWorks software generates predictable initial TCP sequential numbers that can be predicted by an attacker based on previous values to spoof or interrupt TCP connections...

Sun Directory Server LDAP Denial of Service (CVE-2006-0647)

Sun Directory Server is a distributed directory server based on the Lightweight Directory Access Protocol LDAP. The server listens for LDAP requests on a port specified during installation. The default port assigned to the server during installation is randomly selected. There exists a...

CVE-2007-0244

pptpgre.c in PoPToP Point to Point Tunneling Server pptpd before 1.3.4 allows remote attackers to cause a denial of service PPTP connection tear-down via 1 GRE packets with out-of-order sequence numbers or 2 certain GRE packets that are processed using a wrong pointer and improperly dequeued...

PIX Firewall 2.7/3.x/4.x/5 - Forged TCP RST

// source: https://www.securityfocus.com/bid/1454/info A connection through a Cisco Secure PIX Firewall can be reset by a third party if the source and destination IP addresses and ports of the connection can be determined or inferred. This can be accomplished by sending a forged TCP Reset RST...