Lucene search
K

1930 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:56 a.m.2 views

SUSE CVE-2016-9312

ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet...

7.5CVSS6.8AI score0.31715EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.2 views

SUSE CVE-2016-10229

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSGPEEK flag...

9.8CVSS8.3AI score0.12791EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:52 a.m.1 views

SUSE CVE-2017-2634

It was found that the Linux kernel's Datagram Congestion Control Protocol DCCP implementation before 2.6.22.17 used the IPv4-only inetskrebuildheader function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the syst...

7.8CVSS6.8AI score0.05176EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:49 a.m.3 views

SUSE CVE-2017-6074

The dccprcvstateprocess function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCPPKTREQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service double free via an application that makes an IPV6RECVPKTINF...

7.8CVSS5.9AI score0.0596EPSS
Exploits13References14
SUSE CVE
SUSE CVE
added 2023/02/15 4:45 a.m.1 views

SUSE CVE-2017-8824

The dccpdisconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service use-after-free via an AFUNSPEC connect system call during the DCCPLISTEN state...

8.4CVSS6.8AI score0.01355EPSS
Exploits5References16
SUSE CVE
SUSE CVE
added 2023/02/15 4:37 a.m.4 views

SUSE CVE-2017-15924

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the addserver, buildconfig, and constructcommandline functions...

7.8CVSS7.7AI score0.01274EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:24 a.m.2 views

SUSE CVE-2018-16229

The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccpprintoption...

5.3CVSS7.5AI score0.06816EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:23 a.m.6 views

SUSE CVE-2018-18065

setkey in agent/helpers/tablecontainer.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...

7.5CVSS6.4AI score0.17189EPSS
Exploits1References14
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.3 views

SUSE CVE-2018-1000115

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume Network Amplification, CWE-406 vulnerability in the UDP support of the memcached server that can result in denial of service via network flood traffic amplification of 1:50,000 has been reported by reliable sources...

7.5CVSS6.9AI score0.8864EPSS
Exploits3References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.3 views

SUSE CVE-2018-1000116

NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution...

9.8CVSS9.9AI score0.06509EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.7 views

SUSE CVE-2019-11714

Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox 68...

9.8CVSS8.4AI score0.01707EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.3 views

SUSE CVE-2019-18282

The flowdissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash instead of siphash is used. The hashrn...

5.3CVSS6.6AI score0.02605EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.5 views

SUSE CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

7.4CVSS8.3AI score0.03388EPSS
Exploits0References53
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.3 views

SUSE CVE-2020-25705

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Bas...

7.4CVSS8.7AI score0.06692EPSS
Exploits1References38
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.4 views

SUSE CVE-2020-35471

Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500...

7.5CVSS9.3AI score0.02364EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:47 a.m.3 views

SUSE CVE-2021-20322

A flaw in the processing of received ICMP errors ICMP fragment needed and ICMP redirect in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest...

7.4CVSS6.6AI score0.06902EPSS
Exploits0References40
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.5 views

SUSE CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

8.1CVSS7.8AI score0.52838EPSS
Exploits10References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:35 a.m.9 views

SUSE CVE-2022-0382

An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user...

5.5CVSS7.1AI score0.00385EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.3 views

SUSE CVE-2022-35409

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...

9.1CVSS8.7AI score0.01831EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.2 views

SUSE CVE-2022-37026

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS...

9.4CVSS6.9AI score0.01136EPSS
Exploits0References9
Rows per page
Query Builder