UBUNTU-CVE-2024-53064

In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpfvccoreinit error path In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases all the resources and waits for the reset to complete. Once the reset i...

CVE-2024-53064 idpf: fix idpf_vc_core_init error path

In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpfvccoreinit error path In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases all the resources and waits for the reset to complete. Once the reset i...

CVE-2024-53064 idpf: fix idpf_vc_core_init error path

In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpfvccoreinit error path In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases all the resources and waits for the reset to complete. Once the reset i...

CVE-2024-50274 idpf: avoid vport access in idpf_get_link_ksettings

In the Linux kernel, the following vulnerability has been resolved: idpf: avoid vport access in idpfgetlinkksettings When the device control plane is removed or the platform running device control plane is rebooted, a reset is detected on the driver. On driver reset, it releases the resources and...

Security Advisory 0106

Security Advisory 0106 . CSAF PDF Date: November 19, 2024 Revision | Date | Changes ---|---|--- 1.0 | November 19, 2024 | Initial release Description The CVE-ID tracking this issue: CVE-2024-5872 CVSSv3.1 Base Score: 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Common Weakness Enumeration:...

Important: Red Hat Security Advisory: Control plane Operators for RHOSO 18.0.3 (Feature Release 1) security update

Control plane Operators for RHOSO 18.0.3 Feature Release 1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

Making Sense of Kubernetes Initial Access Vectors Part 1 – Control Plane

Explore Kubernetes control plane access vectors, risks, and security strategies to prevent unauthorized access and protect your clusters from potential threats...

K000140061: BIG-IP monitors vulnerability CVE-2024-45844

Security Advisory Description BIG-IP monitor functionality may allow an authenticated attacker with at least Manager role privileges to elevate their privileges and/or modify the configuration. CVE-2024-45844 Impact This vulnerability may allow an authenticated attacker with Manager role privileg...

K000141080: BIG-IQ vulnerability CVE-2024-47139

Security Advisory Description A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IQ user interface that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user. CVE-2024-47139 Impact An authenticated...

CVE-2024-47498

An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. Several configuration statements meant to enforce limits on MAC learning and moves can be...

CVE-2024-47498

CVE-2024-47498 affects Junos OS Evolved on QFX5000 Series. The issue is an unimplemented/unsupported feature in the UI of the CLI that, when configured, does not enforce limits on MAC learning/moves, potentially causing control-plane overload and a denial of service for legitimate traffic. The vu...

CVE-2024-20434

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this...

CVE-2024-20434

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this...

CVE-2024-20434

Cisco IOS XE Software is affected by a CVE-2024-20434 DoS vulnerability where an unauthenticated, adjacent attacker can exploit mis‑handling of frames with VLAN tag information to render the control plane unresponsive. The issue specifically affects the control plane; data plane traffic remains u...

Cisco Catalyst 9000 Series Switches Denial of Service Vulnerability

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this...

Cisco IOS XE Software Catalyst 9000 Series Switches DoS (cisco-sa-vlan-dos-27Pur5RT)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the control plane of an affected device. This vulnerability is d...

CVE-2024-20317

A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System NCS platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service DoS condition. This...

CVE-2024-20317 Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability

A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System NCS platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service DoS condition. This...

Cisco IOS XR Software Segment Routing for Intermediate System-to-Intermediate System Denial of Service Vulnerability

A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System IS-IS protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient...

Cisco IOS XR Software Network Convergence System Denial of Service Vulnerability

A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System NCS platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service DoS condition. This...