33 matches found
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5000-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5000-1 advisory. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free...
Ubuntu 21.04 : Linux kernel vulnerabilities (USN-4997-1)
The remote Ubuntu 21.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4997-1 advisory. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A loc...
SUSE SLES15: kernel-azure / kernel-azure-devel / kernel-devel-azure / etc (SUSE-SU-2021:1975-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1975-1 advisory. The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...
Internet Bug Bounty: Fragmentation and Aggregation Flaws in Wi-Fi
I discovered three design flaws in the Wi-Fi standard and widespread related implementation flaws see GitHub overview and test tool. Here I'll specifically cover open source software. These findings have not received bug bounties from other sources. Implementation flaws allowing trivial packet...
CVE-2020-26139
An issue was discovered in the kernel in NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients an...
Code injection
An issue was discovered in the kernel in NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients an...
CVE-2020-26139
An issue was discovered in the kernel in NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients an...
CVE-2020-26139
An issue was discovered in the kernel in NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients an...
UBUNTU-CVE-2020-26139
An issue was discovered in the kernel in NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients an...
CVE-2020-26139
An issue was discovered in the kernel in NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients an...
CVE-2020-11269
Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...
Memory corruption
Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...
CVE-2019-1594
A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN EAPOL...