PT-2022-35353 · Misdn +1 · Misdn +1

Name of the Vulnerable Software and Affected Versions: mISDN versions prior to v5.15.75 Description: The issue concerns use-after-free bugs in l1oip timer handlers. The actual impact and attack plausibility have not yet been proven. Recommendations: For versions prior to v5.15.75, update to Linux...

EulerOS 2.0 SP9 : dpdk (EulerOS-SA-2022-2761)

According to the versions of the dpdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending ...

Linux kernel 缓冲区错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation. A buffer error vulnerability exists in the Linux kernel that stems from an out-of-bounds read in the fibnhmatch function in the net/ipv4/fibsemantics.c file of the IPv4 Handler component...

OESA-2022-1965 dpdk security update

DPDK core includes kernel modules, core libraries and tools.testpmd application allows to test fast packet processing environments on arm64 platforms. For instance, it can be used to check that environment can support fast path applications such as 6WINDGate, pktgen, rumptcpip, etc. More librarie...

SUSE SLES15 Security Update : dpdk (SUSE-SU-2022:3429-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3429-1 advisory. - A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service...

Denial Of Service (DoS)

dpdk is vulnerable to denial of service. The vulnerability exists due to the error recovery not handled properly, allowing an attacker to crash the system via the network stack...

CVE-2022-28199

NVIDIA’s distribution of the Data Plane Development Kit MLNXDPDK contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality...

DEBIAN-CVE-2022-28199

NVIDIA’s distribution of the Data Plane Development Kit MLNXDPDK contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality...

CVE-2022-28199

NVIDIA’s distribution of the Data Plane Development Kit MLNXDPDK contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality...

UBUNTU-CVE-2022-28199

NVIDIA’s distribution of the Data Plane Development Kit MLNXDPDK contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality...

Design/Logic Flaw

NVIDIA’s distribution of the Data Plane Development Kit MLNXDPDK contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality...

CVE-2022-28199

NVIDIA’s distribution of the Data Plane Development Kit MLNXDPDK contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality...

CVE-2022-36053 Out-of-bounds read in the uIP buffer module

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module os/net/ipv6/uipbuf.c that processes IPv6 extension headers in incoming data packets. As part of this processing, the function...

Security Bulletin: NVIDIA Data Plane Development Kit (MLNX_DPDK) - August 2022

NVIDIA has released a software update for MLNXDPDK to address a security issue that may lead to denial of service, and some impact to data integrity and confidentiality. To protect your system, contact your NVIDIA representative to obtain the MLNXDPDK version that contains the update and install...

kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak

The Linux kernel's TCP source port generation algorithm in the TCP stack contains a flaw due to the small table perturb size. This flaw allows an attacker to positively distinguish a system among devices with identical hardware and software, which lasts until the device restarts. An attacker can...

PVS image process gets BSOD on boot up

Using the PVS Upgrade wizard to upgrade the PVS drivers failed. Because of this, we used reverse imaging to remove the PVS drivers and install the 1912 CU4 drivers. On the reboot, during creation of a new vdisk, BSOD encountered. ERROR: BNIStack faile. netork stack col not e initialie -This error...

CVE-2021-33704

The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack...

Authorization

The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack...

Ligolo-Ng - An Advanced, Yet Simple, Tunneling/Pivoting Tool That Uses A TUN Interface

An advanced, yet simple, tunneling tool that uses a TUN interface. by TNP IT Security Introduction Ligolo-ng is a simple , lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection without the need of SOCKS. Features Tun interface No more SOCKS! Simpl...

CVE-2021-21005

In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards...