Important: dpdk security update

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs CVE-2022-2132 For more details about the security...

CVE-2021-44693

Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device...

RLSA-2022:8263 Important: dpdk security and bug fix update

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs CVE-2022-2132 DPDK: out-of-bounds read/write in...

ALSA-2022:8263 Important: dpdk security and bug fix update

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs CVE-2022-2132 DPDK: out-of-bounds read/write in...

CVE-2022-38980

The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions...

Information Disclosure

libpjsip.so is vulnerable to information disclosure. The vulnerability exists during packet processing in the function srtprtpcb in transportsrtp.c because PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart which allows an attacker to gain access to...

CVE-2022-20870

The CVE-2022-20870 entry concerns Cisco IOS XE Software on Cisco Catalyst 3650, 3850, and 9000-series switches, where the egress MPLS packet processing function validates IPv4 input incorrectly. This can allow an unauthenticated, remote attacker to cause an affected device to reload, triggering a...

Cisco IOS和Cisco IOS XE Software 输入验证错误漏洞

Cisco IOS and Cisco IOS XE Software are both products of Cisco, Inc.Cisco IOS is a set of operating systems developed for its network devices.Cisco IOS XE Software is an operating system. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE...

CVE-2022-23689

Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches versions:...

CVE-2022-23687

Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches versions:...

Security feature bypass

Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches versions:...

Security feature bypass

Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches versions:...

Security feature bypass

Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches versions:...

CVE-2022-23689

Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches versions:...

CVE-2022-36054 Out-of-bounds write when decompressing 6LoWPAN payload in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system file os/net/ipv6/sicslowpan.c contains an input function that processes incoming packets and copies them into a packet buffer. Because of a...

Green Alliance NF firewall has information leakage vulnerability

Green Alliance NF Firewall is an enterprise-class next-generation border security product constructed by Green Alliance Technology on the basis of the latest generation 64-bit multi-core hardware platform, combined with the application layer security protection concept and high-speed packet...

SIEMENS SCALANCE XM-400 and XR-500 OSPF Packet Processing Vulnerability

SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human machine interfaces HMIs. An OSPF packet handling vulnerability exists in the SIEMENS SCALANCE XM-400 and XR-500, which stems from the implementation of the OSPF protocol in the devic...

CVE-2022-24700

An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service daemon crash via a malicious AX.25 packet over the air. NOTE: This vulnerability only affects products that are no longer supported by...

Cisco TelePresence Collaboration Endpoint Software H.323 DoS (cisco-sa-ce-roomos-dos-c65x2Qf2)

According to its self-reported version, Cisco TelePresence Collaboration Endpoint Software is affected by a vulnerability in the packet processing functionality that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerabilit...

CVE-2022-20804

A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a...