31 matches found
CVE-2026-43220
A flaw was found in the Linux kernel, specifically within the iommu/amd component responsible for managing memory access. This vulnerability arises from an issue in how commands are processed during concurrent memory invalidations, causing them to be queued out of sequence. This can lead to syste...
CVE-2026-30079
In OpenAirInterface V2.2.0 AMF, out-of-sequence messages cause an incorrect state transition during the UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is received followed by a...
CVE-2026-30079
OpenAirInterface (OAI) AMF vulnerability: In V2.2.0, processing out-of-sequence messages during UE registration triggers an incorrect state transition, enabling authentication bypass. Specifically, if a SecurityModeComplete message arrives after InitialUERegistration, the sequence can produce a r...
PT-2026-30848
In OpenAirInterface V2.2.0 AMF, out-of-sequence messages cause an incorrect state transition during the UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is received followed by a...
Improper Resource Shutdown or Release
Overview: Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the HandleRegistrationComplete function. An attacker can cause a denial of service by sending an out-of-sequence NAS message during the registration procedure. Remediation: Upgrade...
SUSE CVE-2016-10708
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c...
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2018-1069)
The remote host is missing an update for the Huawei EulerOS...
F5 Networks BIG-IP : OpenSSH vulnerability (K32485746)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.0. It is, therefore, affected by a vulnerability as referenced in the K32485746 advisory. sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a...
CVE-2016-10708
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c...
openssh: Out of sequence NEWKEYS message can allow remote attacker to cause denial of service
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c...
PT-2018-1896 · Openssh +5
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 7.4
Description: The issue is related to a denial of service caused by a NULL pointer dereference and daemon crash in OpenSSH. This can be triggered by remote attackers via an out-of-sequence NEWKEYS message, as...
Apache Qpid Session.gap Denial of Service - Ver2 (CVE-2015-0203)
A denial of service vulnerability exists in Apache Qpid. The vulnerability is due to an assertion failure prior to session establishment when processing the session.gap control segment. A remote, authenticated attacker could exploit this vulnerability by sending an out of sequence session.gap...
Apache Qpid Session.gap Denial of Service - ver 2 (CVE-2015-0203)
A denial of service vulnerability exists in Apache Qpid. The vulnerability is due to an assertion failure prior to session establishment when processing the session.gap control segment. A remote, authenticated attacker could exploit this vulnerability by sending an out of sequence session.gap...
Apache Qpid Session.gap Denial of Service (CVE-2015-0203)
A denial of service vulnerability exists in Apache Qpid. The vulnerability is due to an assertion failure prior to session establishment when processing the session.gap control segment. A remote, authenticated attacker could exploit this vulnerability by sending an out of sequence session.gap...
FreeRADIUS Illegal Attributes Denial of Service - ver 2 (CVE-2004-0938)
A vulnerability exists in the way the FreeRADIUS software package handles out of sequence messages. When a RADIUS authentication or accounting request is sent out-of-order to a vulnerable FreeRADIUS, a memory exception occurs. This vulnerability may be leveraged by a remote attacker to deny servi...
OpenSSL 1.0.0 < 1.0.0-beta2 DoS
According to its banner, the remote server is running a version of OpenSSL 1.0.0 prior to 1.0.0 beta 2. A remote attacker can crash the server by sending an out-of-sequence DTLS handshake message.