168 matches found
CVE-2023-20083
A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the CPU of an affected device to spike to 100 percent, which could stop all traffic processing and result...
CVE-2023-20270
A vulnerability in the interaction between the Server Message Block SMB protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service DoS conditi...
Design/Logic Flaw
A vulnerability in the interaction between the Server Message Block SMB protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service DoS conditi...
CVE-2023-4921
A use-after-free vulnerability in the Linux kernel's net/sched: schqfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfqdequeue due to the incorrect .peek handler of...
Oracle Linux 8 : libarchive (ELSA-2023-3018)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3018 advisory. 3.3.3-5 - Fix for CVE-2022-36227 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has no...
AlmaLinux 8 : libarchive (ALSA-2023:3018)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3018 advisory. - In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, whi...
krb5 security, bug fix, and enhancement update
1.20.1-8.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.20.1-8 - Fix datetime parsing in kadmin on s390x - Resolves: rhbz2169985 1.20.1-7 - Fix double free on kdb5util key creation failure - Resolves: rhbz2166603 1.20.1-6 - Add support for MS-PAC extended KDC signature...
Design/Logic Flaw
A vulnerability in the Link Layer Discovery Protocol LLDP feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This...
CVE-2023-20089 Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol LLDP feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This...
Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol LLDP feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This...
KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service
An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Among the notable targets included FiveM and...
ROS-20221216-01
A vulnerability in the libarchive archiving library is related to the lack of error checking after the call to the calloc function, which may return with a NULL pointer in case of a function crash, resulting in a NULL pointer dereference. resultant dereferencing of the NULL pointer. Exploitation ...
Malware Authors 'Accidentally' Crash KmsdBot Cryptocurrency Mining Botnet
An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down by the threat actors themselves. KmsdBot, as christened by the Akamai Security Intelligence Response Team SIRT, came to light mid-November 2022 for its ability to...
CVE-2022-36227
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the...
CVE-2022-20950
A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being...
Cisco Firepower Threat Defense Software SIP and Snort 3 Detection Engine Denial of Service Vulnerability
A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being...
Cisco Firepower Threat Defense 代码问题漏洞
Cisco Firepower Threat Defense FTD is a suite of unified software from Cisco that provides next-generation firewall services. A code issue vulnerability exists in Cisco Firepower Threat Defense FTD Software that stems from a lack of error checking when interacting with its SIP and Snort 3 for...
PT-2022-34289 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.211 Description: The issue concerns the support for PEC Packet Error Checking in SMBus block read operations. It was introduced in version v3.15 and fixed in version v5.4.211. The actual impact and attack...
PT-2022-34130 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.137 Description: The issue concerns the support for PEC Packet Error Checking in SMBus block read operations. It was introduced in version v3.15 and fixed in version v5.10.137. The actual impact and attack...
PT-2022-33537 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.2 Description: The issue concerns the support for PEC Packet Error Checking in SMBus block read operations. It was introduced in version v3.15 and fixed in version v5.19.2. The actual impact and attack...