Cisco Multiple Products Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-24586)
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...
Cisco Multiple Products Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-26142)
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...
Cisco Multiple Products Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-26147)
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...
Cisco Multiple Products Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-26140)
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...
Race condition
A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet...
CVE-2024-20318
A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet...
Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability
A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet...
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding
Impact: Cloudflare Quiche through version 0.19.1/0.20.0 was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimit...
PT-2024-2146 · Cisco · Cisco Ios Xr
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified). Description: A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset,...
CVE-2024-1765 Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche
Cloudflare Quiche through version 0.19.1/0.20.0 was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited numb...
kernel: IGB driver inadequate buffer size for frames larger than MTU
A flaw was found in igb_configure_rx_ring in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel. An overflow of the contents from a packet that is too large will overflow into the kernel's ring buffer, leading to a system integrity issue...
kernel: NULL pointer dereference in can_rcv_filter
A NULL pointer dereference issue was found in the can protocol in net/can/af_can.c in the Linux kernel, where ml_priv may not be initialized in the receive path of CAN frames. This flaw allows a local user to crash the system or cause a denial of service...
PT-2024-2630 · Cloudflare · Cloudflare Quiche
Name of the Vulnerable Software and Affected Versions: Cloudflare Quiche versions 0.19.1 through 0.20.0. Description: The issue is related to an unlimited resource allocation vulnerability, causing a rapid increase in memory usage of the system running the quiche server or client. A remote attacke...
quiche -- Multiple Vulnerabilities
Quiche Releases reports: This release includes 2 security fixes: CVE-2024-1410: Unbounded storage of information related to connection ID retirement, in quiche. Reported by Marten Seeman @marten-seeman. CVE-2024-1765: Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche. Reported...
USN-6685-1 mqtt-client vulnerability
It was discovered that mqtt-client incorrectly handled memory while parsing malformed MQTT frames. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code...
PT-2024-40652 · Aom · Aom
Name of the Vulnerable Software and Affected Versions: aom (affected versions not specified). Description: The issue is related to a heap-use-after-free error, which occurs when the program attempts to access memory that has already been freed. This error is identified in the get_ls_tile_buffers...
Medium: amazon-ecr-credential-helper
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
curl: HTTP/2 PUSH_PROMISE DoS
Vulnerability description not provided...