
1883 matches found

CNNVD
added 2023/11/14 12:0 a.m. · 2 views

Aruba Networks ArubaOS and InstantOS Security Vulnerabilities

Aruba Networks ArubaOS and Aruba Networks InstantOS are both products of Aruba Networks, Inc. Aruba Networks InstantOS is an Arch Linux-based distribution. Aruba Networks ArubaOS and InstantOS have security vulnerabilities that stem from a buffer overflow vulnerability in the underlying CLI servi...

9.8 CVSS · 9 AI score · 0.02132 EPSS
Exploits: 0 · References: 4
CNNVD
added 2023/11/14 12:0 a.m. · 1 view

Siemens Comos Security Vulnerability

COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, preservation and distribution of information throughout the plant lifecycle. A plaintext transfer of sensitive information vulnerability exists in Siemens COMOS. Th...

7.5 CVSS · 6.4 AI score · 0.00309 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2023/11/14 12:0 a.m. · 2 views

PT-2023-6874 · Comos · Comos

Name of the Vulnerable Software and Affected Versions: COMOS versions prior to V10.4.4 Description: The issue is related to the transmission of credentials in unencrypted form, potentially allowing a remote attacker to access configuration data. The caching system in the affected application leak...

7.5 CVSS · 7.3 AI score · 0.00309 EPSS
Exploits: 0 · References: 6
BDU FSTEC
added 2023/11/09 12:0 a.m. · 4 views

The vulnerability of Qubes Mirage Firewall, related to the execution of a loop with an unavailable exit condition, allows an intruder to trigger a service failure.

The vulnerability of Qubes Mirage Firewall is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability allows a malicious actor to cause a service failure by sending specially crafted UDP packets...

7.8 CVSS · 7.4 AI score · 0.21478 EPSS
Exploits: 6 · References: 8 · Affected Software: 2
RedHat Linux
added 2023/11/07 8:48 a.m. · 3 views

dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232

A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020...

7.5 CVSS · 5.7 AI score · 0.01334 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2023/11/07 12:0 a.m. · 5 views

PT-2025-8278 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A data-race issue in the Linux kernel has been identified, specifically in the unix dgram peer wake me function. The unix dgram poll function calls unix dgram peer wake me without...

8.2 CVSS · 6.6 AI score · 0.93838 EPSS
Exploits: 17 · References: 681
RustSec
added 2023/11/04 12:0 p.m. · 4 views

Remotely exploitable DoS condition in Rosenpass <=0.2.0

Affected versions of this crate did not validate the size of buffers when attempting to decode messages. This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over the network. This flaw was corrected by validating the size of the buffers before attempting to decod...

7.5 CVSS · 6.9 AI score · 0.00485 EPSS
Exploits: 0 · Affected Software: 1
BDU FSTEC
added 2023/10/11 12:0 a.m. · 3 views

The vulnerability of the Mbed TLS software lies in errors during encryption processing in DTLS connections, allowing attackers to execute arbitrary code.

The vulnerability of the Mbed TLS software is related to errors in encryption processing in DTLS connections when using zero-key encryption or RC4 encryption. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS · 7.6 AI score · 0.00783 EPSS
Exploits: 0 · References: 5 · Affected Software: 3
OSV
added 2023/10/06 2:15 p.m. · 1 view

UBUNTU-CVE-2023-38703

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not...

9.8 CVSS · 5.8 AI score · 0.0128 EPSS
Exploits: 0 · References: 4
OSV
added 2023/10/03 4:54 p.m. · 3 views

CLSA-2023-1696352041 Fix CVE(s): CVE-2022-48571

SECURITY UPDATE: denial of service - debian/patches/CVE-2022-48571.patch: fix the crash when receiving multi-packet uploads in UDP - CVE-2022-48571...

7.5 CVSS · 5.8 AI score · 0.00912 EPSS
Exploits: 0 · References: 1
OSV
added 2023/10/03 4:50 p.m. · 3 views

CLSA-2023-1696351801 Fix CVE(s): CVE-2022-48571

SECURITY UPDATE: denial of service - debian/patches/CVE-2022-48571.patch: fix the crash when receiving multi-packet uploads in UDP - CVE-2022-48571...

7.5 CVSS · 5.8 AI score · 0.00912 EPSS
Exploits: 0 · References: 1
Prion
added 2023/09/27 6:15 p.m. · 19 views

Race condition

A vulnerability in the networking component of Cisco access point AP software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by connecting to an AP on an...

5 CVSS · 8.2 AI score · 0.00653 EPSS
Exploits: 0 · References: 1 · Affected Software: 5
Cisco
added 2023/09/27 4:0 p.m. · 41 views

Cisco Catalyst 9100 Access Points Denial of Service Vulnerability

A vulnerability in the networking component of Cisco access point AP software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by connecting to an AP on an...

5.8 CVSS · 8.5 AI score · 0.00653 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2023/09/27 12:0 a.m. · 3 views

PT-2023-8586 · Unknown +1 · Freeswitch +1

Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to 1.10.11 Description: The issue is related to incorrect handling of exceptional states in the FreeSWITCH software-defined telecom stack, which can lead to a Denial of Service (DoS) when handling DTLS-SRTP for media...

7.8 CVSS · 6.3 AI score · 0.01485 EPSS
Exploits: 4 · References: 21
OSV
added 2023/09/20 8:15 a.m. · 4 views

CVE-2022-47562

Vulnerability in the RCPbind service running on UDP port 111, allowing a remote attacker to create a denial of service (DoS) condition...

7.5 CVSS · 5.8 AI score
Exploits: 0 · References: 1
OSV
added 2023/09/19 3:39 p.m. · 2 views

USN-6382-1 memcached vulnerability

It was discovered that Memcached incorrectly handled certain multi-packet uploads in UDP. An attacker could possibly use this issue to cause a denial of service...

7.5 CVSS · 5.8 AI score · 0.00912 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2023/09/18 12:0 a.m. · 2 views

PT-2023-8725 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.0 Description: The vulnerability is related to the dccp v4 err and dccp v6 err functions in the Linux kernel. It is caused by an uninitialized value in the pskb may pull reason and pskb may pull functions,...

7 CVSS · 6.6 AI score · 0.0023 EPSS
Exploits: 0 · References: 52
OSV
added 2023/09/09 11:5 a.m. · 9 views

OESA-2023-1617 openjdk-11 security update

The OpenJDK runtime environment. Security Fixes: An issue was discovered in function ciMethodBlocks::makeblockat in Oracle JDK HotSpot VM 11, 17 and OpenJDK HotSpot VM 8, 11, 17, allows attackers to cause a denial of service (CVE-2022-40433). Vulnerability in the Oracle Java SE, Oracle GraalVM...

5.9 CVSS · 7.3 AI score · 0.02474 EPSS
Exploits: 1 · References: 15
ATTACKERKB
added 2023/08/25 7:15 a.m. · 1 view

CVE-2023-41173

AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets...

7.5 CVSS · 5.8 AI score · 0.00615 EPSS
Exploits: 0 · References: 2
ATTACKERKB
added 2023/08/22 7:16 p.m. · 1 view

CVE-2022-48571

memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP...

7.5 CVSS · 6.3 AI score · 0.00912 EPSS
Exploits: 0 · References: 3