dotnet: ASP.NET Core WebSocket frame processing DoS
An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability...
tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...
Beckhoff Twincat Exposure of Sensitive Information to an Unauthorized Actor
Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x provides EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less tha...
Cisco Firepower Threat Defense Software Inline Pair/Passive Mode DoS (cisco-sa-ftd-inline-dos-nXqUyEqM)
According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a vulnerability in the ingress packet processing path for interfaces that are configured either as Inline Pair or in Passive mode that could allow an unauthenticated, adjacent attacker to cause a denial of...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9404)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9404 advisory. - seqfile: disallow extremely large seq buffer allocations Eric Sandeen Orabug: 33135632 CVE-2021-33909 - Bluetooth: fix the erroneous flushwork...
Qualcomm Chip Authorization Issue Vulnerability
A Qualcomm chip is a chip from Qualcomm Incorporated (USA). A chip is a way of miniaturizing circuitry, including primarily semiconductor devices but also passive components, and is manufactured on the surface of semiconductor wafers. An authorization issue vulnerability exists in...
CVE-2019-9514
A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
Cisco IoT Field Network Director DoS (cisco-sa-iot-coap-dos-WTBu6YTq)
A denial of service (DoS) vulnerability exists in Cisco IoT Field Network Director due to incorrect handling of certain valid, but not typical, Ethernet frames. An unauthenticated, remote attacker can exploit this issue by sending the Ethernet frames onto the Ethernet segment, to cause the device t...
python-eventlet: improper handling of highly compressed data and memory allocation with excessive size allows DoS
A flaw was found in eventlet. An unauthenticated user who manages to send large WebSocket frames or highly compressed data frames can cause memory exhaustion. An attacker could use this flaw to cause a denial of service (DoS)...
SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2421-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2421-1 advisory. - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require th...
USN-5018-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) Piotr Krysiuk discovered that the eBPF...
Critical Juniper Bug Allows DoS, RCE Against Carrier Networks
A critical remote code-execution vulnerability in Juniper Networks’ Steel-Belted Radius (SBR) Carrier Edition lays open wireless carrier and fixed operator networks to tampering. The SBR Carrier server is used by telecom carriers to manage policies for how subscribers access their networks – by...
CVE-2021-0290
Improper Handling of Exceptional Conditions in Ethernet interface frame processing of Juniper Networks Junos OS allows an attacker to send specially crafted frames over the local Ethernet segment, causing the interface to go into a down state, resulting in a Denial of Service (DoS) condition. The...
CVE-2021-0277
An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). Continued receipt...
CVE-2021-0277
Summary (CVE-2021-0277): An out-of-bounds read in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved can cause DoS and may lead to remote code execution when processing crafted LLDP frames. Affected: Junos OS versions prior to listed fixed releases (e.g....
Juniper Networks Junos OS and Junos OS Evolved Buffer Error Vulnerability
Juniper Networks Junos OS and Junos OS Evolved are both products of Juniper Networks, Inc. Juniper Networks Junos OS is a network operating system for the company's hardware devices that provides a secure...
Juniper Junos OS Vulnerability (JSA11192)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11192 advisory. - Improper Handling of Exceptional Conditions in Ethernet interface frame processing of Juniper Networks Junos OS allows an attacker to send specially crafted frames over th...
Broadcom BCM4352 and BCM43684 Chip Security Vulnerability
Broadcom BCM4352 is an application software from Broadcom. Enables devices to fully utilize available bandwidth, providing 2x more performance. The Broadcom BCM4352 and BCM43684 chips contain a security vulnerability that can be exploited by an attacker to initiate a denial of service (DoS) via an...
Juniper Junos OS Vulnerability (JSA11181)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11181 advisory. - An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos ...
Qualcomm Chip Processing Logic Error Vulnerability
Qualcomm QCA6574AU and others are products of Qualcomm Incorporated (Qualcomm). The QCA6574AU is a central processing unit (CPU) product. The SD 636 is a central processing unit (CPU) product. The SDM630 is a central processing unit (CPU) product. The SDM63...