2399 matches found
util-linux bug fix and enhancement update
An update is available for util-linux. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The util-linux packages contain a large variety of low-level system...
kernel: net/mlx5: Fix command stats access after free
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command stats access after free Command may fail while driver is reloading and can't accept FW commands till command interface is reinitialized. Such command failure is being logged to command stats. This results in...
kernel: use-after-free after failed devlink reload in devlink_param_get
A flaw was found in the Netlink device interface implementation in the Linux kernel that improperly handled certain error conditions, leading to a use-after-free issue with some network device drivers. A local attacker with admin access to the network device could use this to cause a denial of...
kernel: use-after-free after failed devlink reload in devlink_param_get
A flaw was found in the Netlink device interface implementation in the Linux kernel that improperly handled certain error conditions, leading to a use-after-free issue with some network device drivers. A local attacker with admin access to the network device could use this to cause a denial of...
kernel: use-after-free after failed devlink reload in devlink_param_get
A flaw was found in the Netlink device interface implementation in the Linux kernel that improperly handled certain error conditions, leading to a use-after-free issue with some network device drivers. A local attacker with admin access to the network device could use this to cause a denial of...
kernel: net/mlx5: Fix command stats access after free
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command stats access after free Command may fail while driver is reloading and can't accept FW commands till command interface is reinitialized. Such command failure is being logged to command stats. This results in...
kernel: use-after-free after failed devlink reload in devlink_param_get
A flaw was found in the Netlink device interface implementation in the Linux kernel that improperly handled certain error conditions, leading to a use-after-free issue with some network device drivers. A local attacker with admin access to the network device could use this to cause a denial of...
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload...
Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings
Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the "Enter the URL: field, add the XSS payloa...
VulnCheck KEV: CVE-2017-6742
The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload...
CVE-2023-20112
A vulnerability in Cisco access point AP software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this...
CVE-2023-20072
A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting in a denial of service DoS condition. This vulnerability is due to the improper handling of large...
CVE-2023-20080
A vulnerability in the IPv6 DHCP version 6 DHCPv6 relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could...
Input validation
A vulnerability in the IPv6 DHCP version 6 DHCPv6 relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could...
CVE-2023-20027 Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability
A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly VFR feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper reassembly of large packe...
CVE-2023-20080 Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability
A vulnerability in the IPv6 DHCP version 6 DHCPv6 relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could...
CVE-2023-20072 Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service Vulnerability
A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting in a denial of service DoS condition. This vulnerability is due to the improper handling of large...
CVE-2023-20112 Cisco Access Point Software Association Request Denial of Service Vulnerability
A vulnerability in Cisco access point AP software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this...
CVE-2023-20112
A vulnerability in Cisco access point AP software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this...
Cisco Access Point Software Association Request Denial of Service Vulnerability
A vulnerability in Cisco access point AP software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this...