404 matches found
dpdk: librte_vhost Missing inputs validation in Vhost-crypto
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read...
dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...
dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...
dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...
dpdk: librte_vhost Missing inputs validation in Vhost-crypto
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read...
DEBIAN-CVE-2020-10726
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOSTUSERGETINFLIGHTFD messages, causing a resource leak file descriptors and virtual memory, which may result in a denial of service...
DPDK Input Validation Error Vulnerability
DPDK is a data plane development kit for Linux-based platforms. It supports the execution of packet processing on multiple CPU architectures. An input validation error vulnerability exists in vhostusersetlogbase in DPDK version 18.05 and later. An attacker could exploit this vulnerability to caus...
DEBIAN-CVE-2020-10723
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...
DEBIAN-CVE-2020-10722
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhostusersetlogbase could result in a smaller memory map than requested, possibly allowing memory corruption...
DEBIAN-CVE-2020-10724
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read...
DPDK Input Validation Error Vulnerability
DPDK is a data plane development kit for Linux-based platforms. It supports the execution of packet processing on multiple CPU architectures. An input validation error vulnerability exists in DPDK version 17.05 and later. The vulnerability originates from a network system or product that does not...
UBUNTU-CVE-2020-10724
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read...
UBUNTU-CVE-2020-10725
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...
UBUNTU-CVE-2020-10723
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...
CVE-2020-5879
On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied...
Design/Logic Flaw
On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied...
CVE-2020-5879
CVE-2020-5879 affects BIG-IP ASM 11.6.1–11.6.5.1, where under certain configurations the appliance sends data plane traffic to back-end servers unencrypted despite a Server SSL profile being applied. The issue is documented in F5 advisory K88474783, which notes that vulnerable releases include 11...
CVE-2020-5871
On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service DoS when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane...
Code injection
On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service DoS when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane...
F5 Networks BIG-IP : BIG-IP SSL state mirroring vulnerability (K65720640)
BIG-IP systems setup for connection mirroring in a High Availability HA pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.CVE-2020-5886 Impact On-path attackers m...