Linux Distros Unpatched Vulnerability : CVE-2019-20427

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation fo...

SaltStack 3000 < 3002.8 / 3003 < 3003.4 / 3004 < 3004.1 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests...

Denial Of Service

Salt masters is vulnerable to Denial Of Service. The vulnerability is due to the master becoming unresponsive to return requests after receiving several bad packets on the request server, equal to the number of worker threads. This allows an attacker to disrupt the Salt master's normal operation...

CVE-2023-20897

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted...

PYSEC-2023-166

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted...

SUSE CVE-2023-20897

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted...

SUSE CVE-2017-6472

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value...

Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild

A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild. Tracked as CVE-2022-22954, the security shortcoming relates to a remote code execution vulnerability...

Denial Of Service (DoS)

lldpd is vulnerable to Denial Of Service DoS. The vulnerability exists through memory leak from bad packets...

Unpatched Citrix Flaw Now Has PoC Exploits

Proof-of-concept PoC exploit code has been released for an unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller ADC and Citrix Gateway products. The vulnerability CVE-2019-19781, which Threatpost reported on in December, already packs a double-punch in terms...

Podcast: Bad Packets Report Founder on Rising Cryptojacking Attacks

Security researcher Troy Mursch of the Bad Packets Report joins the Threatpost Podcast to discuss recent cryptojacking campaigns, and why these types of malicious cryptomining attacks are on the rise. Criminals have been harnessing devices – from mobile devices to servers – to mine cryptocurrenci...

DEBIAN-CVE-2017-6472

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value...