1286 matches found

OSV
added 2021/12/27 6:15 p.m. · 2 views

DEBIAN-CVE-2021-43845

PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if an incoming RTCP XR message contains a block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA a...

9.1 CVSS · 8.4 AI score · 0.03722 EPSS
Exploits: 1 · References: 1

OSV
added 2021/12/25 2:15 a.m. · 1 view

CVE-2021-45488

In NetBSD through 9.2, there is an information leak in the TCP ISN ISS generation algorithm...

7.5 CVSS · 5.8 AI score · 0.00964 EPSS
Exploits: 0 · References: 2

CNNVD
added 2021/12/25 12:0 a.m. · 3 views

NetBSD Security Features Issue Vulnerability

NetBSD is an open source Unix-like operating system from the NetBSD Foundation. NetBSD has a security features issue vulnerability that stems from an information leak in the TCP ISN ISS generation algorithm in NetBSD through 9.2...

7.5 CVSS · 7.3 AI score · 0.00964 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2021/12/25 12:0 a.m. · 3 views

PT-2021-24252 · Netbsd · Netbsd

Name of the Vulnerable Software and Affected Versions: NetBSD versions prior to 9.3. Description: The issue is related to an information leak in the TCP ISN ISS generation algorithm. This leak may potentially allow attackers to gather sensitive information. Recommendations: For versions prior to...

7.5 CVSS · 7.3 AI score · 0.00964 EPSS
Exploits: 0 · References: 5

OSV
added 2021/12/22 6:15 p.m. · 0 views

UBUNTU-CVE-2021-43804

PJSIP is a free and open source multimedia communication library written in the C language, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions, if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against th...

7.3 CVSS · 7.3 AI score · 0.02192 EPSS
Exploits: 0 · References: 5

BDU FSTEC
added 2021/12/13 12:0 a.m. · 1 view

The vulnerability of the TCP/IP protocol implementation in the Microsoft Windows operating system allows a perpetrator to cause a service failure.

The vulnerability of the TCP/IP protocol implementation in the Microsoft Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending specially crafted input data to the application...

7.8 CVSS · 7.2 AI score · 0.03034 EPSS
Exploits: 0 · References: 3

BDU FSTEC
added 2021/12/01 12:0 a.m. · 2 views

The vulnerability of the TCP Normalizer component of the firmware for Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows an attacker to cause a service failure.

The vulnerability of the TCP Normalizer component in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) systems is related to the lack of integrity checking for messages. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending...

8.6 CVSS · 7.5 AI score · 0.00649 EPSS
Exploits: 0 · References: 3 · Affected Software: 2

OSV
added 2021/11/30 10:22 p.m. · 3 views

USN-5162-1 linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem-5.13, linux-oracle, linux-raspi vulnerabilities

Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2021-3655) It was discovered that the AMD...

7.8 CVSS · 6.9 AI score · 0.00537 EPSS
Exploits: 2 · References: 6

OSV
added 2021/11/19 3:15 p.m. · 2 views

DEBIAN-CVE-2021-37592

Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments...

9.8 CVSS · 8.4 AI score · 0.01552 EPSS
Exploits: 0 · References: 1

OSV
added 2021/11/19 3:15 p.m. · 1 view

UBUNTU-CVE-2021-37592

Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments...

9.8 CVSS · 7.3 AI score · 0.01552 EPSS
Exploits: 0 · References: 5

OSV
added 2021/11/19 11:3 a.m. · 6 views

OESA-2021-1433 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packe...

6.5 CVSS · 5.9 AI score · 0.01215 EPSS
Exploits: 0 · References: 3

CNNVD
added 2021/11/19 12:0 a.m. · 4 views

Suricata Buffer Error Vulnerability

Suricata is a network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring engine developed by the Open Information Security Foundation (OISF) and its supporting vendors, which supports multi-threading, built-in IPv6, and the ability to load pre-defined...

9.8 CVSS · 8.2 AI score · 0.01552 EPSS
Exploits: 0 · References: 4

BDU FSTEC
added 2021/11/10 12:0 a.m. · 2 views

The vulnerability of the TCP/IP protocol implementation in Microsoft Windows operating systems allows a perpetrator to cause service failures.

The vulnerability of the TCP/IP protocol implementation in Microsoft Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8 CVSS · 7.1 AI score · 0.04777 EPSS
Exploits: 0 · References: 3

RedHat Linux
added 2021/11/09 6:6 p.m. · 0 views

kernel: Race condition in sctp_destroy_sock list_del

A use-after-free flaw was found in the Linux kernel's SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7 CVSS · 6.7 AI score · 0.00482 EPSS
Exploits: 1 · References: 5

OSV
added 2021/11/09 12:15 p.m. · 3 views

CVE-2021-31890

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303, PLUSCONTROL 1st Gen All versions, SIMOTICS CONNECT 400 All versions V0.5.0.0, SIMOTICS CONNECT 400 All versions V1.0.0.0. The total length of a TCP...

9.1 CVSS · 7.5 AI score · 0.02424 EPSS
Exploits: 0 · References: 10

CNNVD
added 2021/11/09 12:0 a.m. · 9 views

Siemens Nucleus ReadyStart Security Vulnerability

Siemens Nucleus ReadyStart is a bundled solution from Siemens (Germany). A denial-of-service vulnerability exists in Siemens Nucleus ReadyStart, which is used to accelerate the startup of complete systems and provides a rich board-level support package (BSP). The vulnerability stems from the...

9.1 CVSS · 5.6 AI score · 0.0215 EPSS
Exploits: 0 · References: 26

Positive Technologies
added 2021/11/09 12:0 a.m. · 3 views

PT-2021-6895 · Mentor Graphics +1 · Nucleus Net +9

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions prior to V2303; Capital Embedded AR Classic R20-11 versions prior to V2303; PLUSCONTROL 1st Gen versions prior to the fixed version; SIMOTICS CONNECT 400 versions prior to V0.5.0.0; SIMOTICS CONNECT 40...

9.4 CVSS · 7.1 AI score · 0.01902 EPSS
Exploits: 0 · References: 13

NCSC
added 2021/11/09 12:0 a.m. · 13 views

Vulnerabilities fixed in Nucleus NET stack

Forescout researchers have found 13 vulnerabilities in the Siemens Nucleus NET stack. This is a network stack that is used both by Siemens products and by products from other vendors. The vulnerabilities have collectively been named "NUCLEUS:13." The vulnerabilities were found ...

9.8 CVSS · 7 AI score · 0.03031 EPSS
Exploits: 0

CNNVD
added 2021/10/27 12:0 a.m. · 1 view

Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliances Software (ASA Software) Security Vulnerability

Cisco Firepower Threat Defense (FTD) is a suite of unified software from Cisco that provides next-generation firewall services. A security vulnerability exists in Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliances Software (ASA Software), which is caused by an error in the...

8.6 CVSS · 7.9 AI score · 0.00649 EPSS
Exploits: 0 · References: 6

BDU FSTEC
added 2021/10/27 12:0 a.m. · 1 view

The vulnerability of the WebRTC component in the Google Chrome web browser, related to the use of memory after it is freed, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the WebRTC component in the Google Chrome web browser is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service interruptions through a specially create...

8.8 CVSS · 7.6 AI score · 0.01102 EPSS
Exploits: 1 · References: 11 · Affected Software: 5