398 matches found
Linksys E1700 安全漏洞
The Linksys E1700 is a wireless router from Linksys, USA. A security vulnerability exists in Linksys E1700 version 1.0.0.4.003, which stems from a stack buffer overflow due to incorrect manipulation of the parameter ackpolicy in the file /goform/QoSSetup...
SUSE CVE-2025-38224
In the Linux kernel, the following vulnerability has been resolved: can: kvaserpciefd: refine error prone echoskbmax handling logic echoskbmax should define the supported upper limit of echoskb allocated inside the netdevice's priv. The corresponding size value provided by this driver to...
UBUNTU-CVE-2025-38224
In the Linux kernel, the following vulnerability has been resolved: can: kvaserpciefd: refine error prone echoskbmax handling logic echoskbmax should define the supported upper limit of echoskb allocated inside the netdevice's priv. The corresponding size value provided by this driver to...
CVE-2025-4820
Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...
CVE-2025-4821
Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...
CVE-2025-4820
Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...
CVE-2025-4821 Incorrect congestion window growth by invalid ACK ranges
Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...
CVE-2025-4821
CVE-2025-4821 affects Cloudflare’s quiche (QUIC) prior to 0.24.4. The issue is “Incorrect congestion window growth” caused by processing invalid ACK ranges. An unauthenticated remote attacker can complete a handshake, initiate a congestion-controlled transfer, and send ACK frames covering a large...
CVE-2025-4821 Incorrect congestion window growth by invalid ACK ranges
Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...
CVE-2025-4820 Incorrect congestion window growth by optimistic ACK
Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...
CVE-2025-4820 Incorrect congestion window growth by optimistic ACK
Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...
CVE-2025-4820 Incorrect congestion window growth by optimistic ACK
Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...
CVE-2025-4820
Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...
PT-2025-26173 · Quiche · Quiche
Name of the Vulnerable Software and Affected Versions: quiche versions prior to 0.24.4 Description: The issue is related to incorrect congestion window growth, which could cause quiche to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can explo...
Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale System are now included (CVE-2023-52486 CVE-2023-52881)
Summary The following vulnerabilities that can affect IBM Storage Scale System and could provide weaker than expected security are now fixed CVE-2023-52486 CVE-2023-52881. Vulnerability Details CVEID:CVE-2023-52881 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved:...
CVE-2025-29785
A flaw was found in quic-go. This vulnerability allows a malicious QUIC client to cause a nil-pointer dereference, leading to an application-level denial of service via specially crafted ACK packets following spoofed path validation probes. Mitigation Mitigation for this issue is either not...
CVE-2023-53121 tcp: tcp_make_synack() can be called from process context
In the Linux kernel, the following vulnerability has been resolved: tcp: tcpmakesynack can be called from process context tcprtxsynack now could be called in process context as explained in 0a375c822497 "tcp: tcprtxsynack can be called from process context". tcprtxsynack might call tcpmakesynack,...
UBUNTU-CVE-2025-23145
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in canacceptnewsubflow When testing valkey benchmark tool with MPTCP, the kernel panics in 'mptcpcanacceptnewsubflow' because subflowreq-msk is NULL. Call trace: mptcpcanacceptnewsubflow...
CVE-2025-23145
CVE-2025-23145 affects the Linux kernel (MPTCP) and describes a NULL-pointer dereference in the mptcp_can_accept_new_subflow path. The root cause is that subflow_req->msk ownership could be transferred to a subflow on the first path, creating a window where a second SYN-ACK could be processed ...
Anatomy of a SYN-ACK Attack
...