Qualcomm 芯片处理逻辑错误漏洞

Qualcomm QCA6574AU and others are products of Qualcomm Incorporated Qualcomm.The QCA6574AU is a central processing unit CPU product.The SD 636 is a central processing unit CPU product.The SDM630 is a central processing unit CPU product.The SDM630 is a central processing unit CPU product.The SDM63...

CVE-2021-27477

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame,...

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2208-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2208-1 advisory. - The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that received...

JTEKT TOYOPUC-Plus 缓冲区错误漏洞

JTEKT TOYOPUC-Plus is a PLC from JTEKT Japan. The JTEKT TOYOPUC-Plus suffers from a buffer error vulnerability that originates when the product receives an invalid frame, the outer region of the FL-net receive buffer will be overwritten. This causes the PLC CPU to detect a system error and the...

USN-5000-2: Linux kernel (KVM) vulnerabilities

USN-5000-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS and the Linux HWE kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux KVM kernel for Ubuntu 20.04 LTS. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of...

USN-5000-2 linux-kvm vulnerabilities

USN-5000-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS and the Linux HWE kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux KVM kernel for Ubuntu 20.04 LTS. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of...

CVE-2021-21004

In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client...

Code injection

In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client...

CVE-2021-21004

CVE-2021-21004 affects Phoenix Contact FL SWITCH SMCS series. An attacker can inject malicious code via LLDP frames into the device’s web-based management, which could be executed by the client. Documented impact includes potential modification or execution of code on the client side, with CVSS d...

USN-5001-1: Linux kernel (OEM) vulnerabilities

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 Mathy Vanhoef discovered that the Linux kernel’s WiFi implementati...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5000-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5000-1 advisory. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free...

Ubuntu 21.04 : Linux kernel vulnerabilities (USN-4997-1)

The remote Ubuntu 21.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4997-1 advisory. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A loc...

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1975-1)

"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1975-1 advisory. - An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aalabelparse fails in aaauditruleinit in...

Internet Bug Bounty: Fragmentation and Aggregation Flaws in Wi-Fi

I discovered three design flaws in the Wi-Fi standard and widespread related implementation flaws see GitHub overview and test tool. Here I'll specifically cover open source software. These findings have not received bug bounties from other sources. Implementation flaws allowing trivial packet...

MGASA-2021-0266 Updated python-eventlet packages fix security vulnerability

Updated python-eventlet packages fix a security vulnerability: Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data...

The vulnerability of implementations of algorithms such as WEP, WPA, WPA2, and WPA3 for IEEE 802.11 communication standards allows attackers to inject arbitrary network packets and/or compromise the integrity of protected information.

The vulnerability of implementations of algorithms such as WEP, WPA, WPA2, and WPA3 for IEEE 802.11 communication standards exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary network packets and/or compromise the...

Check Point Response to Wi-Fi FragAttacks in Quantum Spark appliances

Cause Several CVEs were published on Wi-Fi devices under the name FragAttacks. More information about them can be found at: https://www.fragattacks.com/ The list of new CVEs related to wireless security flaws with fragmented and aggregated frames, is relevant to Check Point Quantum Spark wireless...

SUSE SLED12: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2021:1913-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1913-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs...

Buffer overflow

Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...

CVE-2020-11159

Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...