CVE-2019-15265 Cisco Aironet Access Points Bridge Protocol Data Unit Port Disable Denial of Service Vulnerability

A vulnerability in the bridge protocol data unit BPDU forwarding functionality of Cisco Aironet Access Points APs could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state. The vulnerability occurs because BPDUs received from specific wireless client...

UBUNTU-CVE-2019-15919

An issue was discovered in the Linux kernel before 5.0.10. SMB2write in fs/cifs/smb2pdu.c has a use-after-free...

DEBIAN-CVE-2018-10244

Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check...

PT-2019-8750 · Open Information Security Foundation · Suricata

Name of the Vulnerable Software and Affected Versions: Suricata version 4.0.4 Description: The issue arises from incorrect handling of EtherNet/IP PDU parsing, which can lead to the parsing code reading beyond the allocated data due to an integer overflow during a length check in the DecodeENIPPD...

DEBIAN-CVE-2018-14780

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function ykpivfetchobject: % highlight c % ifsw == SWSUCCESS sizet outlen; int offs = ykpivgetlengthdata + 1, &outlen; ifoffs == 0 return YKPIVSIZEERROR;...

UBUNTU-CVE-2018-14780

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function ykpivfetchobject: % highlight c % ifsw == SWSUCCESS sizet outlen; int offs = ykpivgetlengthdata + 1, &outlen; ifoffs == 0 return YKPIVSIZEERROR;...

CVE-2018-10238

bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. The function bvlcbdtforwardnpdu calls bvlcencodeforwardednpdu which copies the content from...

Design/Logic Flaw

Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit PDU sent directly to the router, which can cause the RPD routing process to crash and restart. Unlike BGP UPDATEs, which are transitive in nature, this...

CVE-2017-10607

Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit PDU sent directly to the router, which can cause the RPD routing process to crash and restart. Unlike BGP UPDATEs, which are transitive in nature, this...

Design/Logic Flaw

The Aggregated MAC Protocol Data Unit AMPDU implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service device reload via a crafted AMPDU header, aka Bug ID CSCuz56288...

The vulnerability of the NX-OS network operating system allows a hacker to induce a maintenance failure.

The vulnerability of the NX-OS network operating system exists due to insufficient checking of PDU fragments in SNMP packets. Exploiting this vulnerability can allow a malicious actor to trigger a service failure reloading of the SNMP application by using a specially crafted packet...

DEBIAN-CVE-2015-8712

The dissecthsdschchannelinfo function in epan/dissectors/packet-umtsfp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service application crash via a crafted packet...

UBUNTU-CVE-2015-8712

The dissecthsdschchannelinfo function in epan/dissectors/packet-umtsfp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service application crash via a crafted packet...

net-snmp: snmp_pdu_parse() incompletely parsed varBinds left in list of variables

It was discovered that the snmppduparse function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd...

CVE-2015-2153

The rpkirtrpduprint function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service out-of-bounds read or write and crash via a crafted header length in an RPKI-RTR Protocol Data Unit PDU...

DCTStream:: readProgressiveDataUnit()

Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file...

security flaw

The Unidirectional Lightweight Encapsulation ULE decapsulation component in dvb-core/dvbnet.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service crash via an SNDU length of 0 in a ULE packet...