CVE-2017-18868

CVE-2017-18868 relates to Digi XBee 2 devices, where the network stack underpinning ZigBee enables an attacker to issue remote AT commands due to an ineffective protection mechanism. The vulnerability can impact integrity and availability (I: Partial, A: Partial) with no confidentiality impact de...

Ubuntu 16.04 LTS / 18.04 LTS : EDK II vulnerabilities (USN-4349-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4349-1 advisory. A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of...

Denial Of Service (DoS)

The kernel is vulnerable to denial of service DoS. A flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being...

Startup delay occurs after you disable IPv6 in Windows

Startup delay occurs after you disable IPv6 in Windows Symptoms You may experience an additional five seconds delay during the startup of Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 SP1 or Windows Server 2008 R2 SP1. Cause This issue occurs because the code to avoid waiting for...

Cisco NX-OS Software Netstack DoS (cisco-sa-20190306-nxos-netstack)

A denial of service DoS vulnerability exists in Cisco NX-OS Software due to allocating and freeing memory buffers in the network stack. An unauthenticated, remote attacker can exploit this issue by sending crafted TCP streams to an affected device in a sustained way. If the attacker is succesful...

A day^W^W Several months in the life of Project Zero - Part 2: The Chrome exploit of suffering

Posted by Sergei Glazunov and Mark Brand, Project Zero Introduction After we’d understood how the bug worked, and had passed on those details to Chrome to help them get started on a fix, we went back to our other projects. This bug remained a topic of discussion, and eventually we ran out of...

CVE-2019-1324

An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'...

Siemens Simatic Uncontrolled Resource Consumption

A vulnerability has been identified in SIMATIC ET 200SP Open Controller All versions = V2.0 and = V2.0 and = V2.0 and V2.5. An attacker can cause a denial-of-service condition on the network stack by sending a large number of specially crafted packets to the PLC. The PLC will lose its ability to...

CISA Releases Advisory on Wind River VxWorks Platform

The Cybersecurity and Infrastructure Security Agency CISA has released an Industrial Control Systems ICS Advisory on multiple vulnerabilities in the Wind River VxWorks Platform. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages...

Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment SACK segments. While processing SACK segments, the Linux kernel's socket buffer SKB data structure becomes fragmented, which leads to increased resource...

Siemens SIMATIC ET 200SP 2.0 < 2.1.6 and SIMATIC S7-1500 2.0 < 2.5 DOS

Binary data 720164.prm...

Denial Of Service (DoS)

kernel is vulnerable to denial of service. It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking packet loss by setting an invalid M...

CVE-2019-0688

An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'...

CVE-2018-19282

Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol CIP network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the...

CVE-2018-19282

Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol CIP network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the...

Design/Logic Flaw

Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol CIP network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the...

CVE-2018-19282

Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol CIP network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the...

CVE-2018-19282

Summary: CVE-2018-19282 affects Rockwell Automation PowerFlex 525 AC Drives (version 5.001 and earlier). The root cause is improper handling of CIP/EtherNet/IP packets, allowing a remote, unauthenticated attacker to crash the CIP network stack and cause a denial of service. This crash prevents ne...

CVE-2018-12178

Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network...

CVE-2018-12178

Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network...