Lucene search
+L

97 matches found

OSV
OSV
added 2019/09/24 8:15 p.m.2 views

DEBIAN-CVE-2019-16411

An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o-len data + 3" places one beyond the 3 bytes, because the...

9.8CVSS8.6AI score0.02027EPSS
Exploits0References1
OSV
OSV
added 2019/08/09 6:15 p.m.4 views

CVE-2019-12256

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options...

9.8CVSS7.5AI score0.26629EPSS
Exploits0References9
NVD
NVD
added 2019/08/09 6:15 p.m.28 views

CVE-2019-12256

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options...

9.8CVSS9.8AI score0.26629EPSS
Exploits0References9
Veracode
Veracode
added 2019/05/02 6:36 a.m.28 views

Denial Of Service (DOS)

Linux kernel is vulnerable to denial of service DOS attacks. The vulnerability exists in the ipv4pktinfoprepare function in net/ipv4/ipsockglue.c in the Linux kernel. Malicious IP options present would cause the ipv4pktinfoprepare function to drop/free the dst. Attackers could cause a denial of...

7.5CVSS6.8AI score0.03915EPSS
Exploits0References48Affected Software2
Kitploit
Kitploit
added 2018/02/03 1:0 p.m.32 views

ICMPExfil - Exfiltrate data with ICMP

ICMP Exfil allows you to transmit data via valid ICMP packets. You use the client script to pass in data you wish to exfiltrate, then on the device you're transmitting to you run the server. Anyone watching-- human or security system-- will just see valid ICMP packets, there's nothing malicious...

7AI score
Exploits0References1
Ubuntu
Ubuntu
added 2017/09/18 11:25 p.m.100 views

USN-3422-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3422-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux...

8CVSS7.9AI score0.16181EPSS
Exploits17
Cvelist
Cvelist
added 2017/06/26 3:0 p.m.24 views

CVE-2015-3215

The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service guest crash via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options...

7.3AI score0.01796EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2017/04/25 12:0 a.m.294 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3265-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3265-1 advisory. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause...

9.8CVSS7.3AI score0.04953EPSS
Exploits0References11
OpenVAS
OpenVAS
added 2017/04/25 12:0 a.m.286 views

Ubuntu: Security Advisory (USN-3265-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.4AI score0.04953EPSS
Exploits0References2
Amazon
Amazon
added 2017/03/06 12:0 a.m.66 views

Important: kernel

Issue Overview: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol DCCP implementation freed SKB socket buffer resources for a DCCPPKTREQUEST packet when the IPV6RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw...

9.8CVSS7.1AI score0.0596EPSS
Exploits13
NVD
NVD
added 2017/02/14 6:59 a.m.24 views

CVE-2017-5970

The ipv4pktinfoprepare function in net/ipv4/ipsockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service system crash via 1 an application that makes crafted system calls or possibly 2 IPv4 traffic with invalid IP options...

7.5CVSS7.4AI score0.03915EPSS
Exploits0References11
Prion
Prion
added 2017/02/14 6:59 a.m.23 views

Code injection

The ipv4pktinfoprepare function in net/ipv4/ipsockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service system crash via 1 an application that makes crafted system calls or possibly 2 IPv4 traffic with invalid IP options...

5CVSS7.4AI score0.03915EPSS
Exploits0References11Affected Software1
Cvelist
Cvelist
added 2017/02/14 6:30 a.m.26 views

CVE-2017-5970

The ipv4pktinfoprepare function in net/ipv4/ipsockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service system crash via 1 an application that makes crafted system calls or possibly 2 IPv4 traffic with invalid IP options...

7.5AI score0.03915EPSS
Exploits0References11
CVE
CVE
added 2017/02/14 6:30 a.m.209 views

CVE-2017-5970

Summary (CVE-2017-5970): The Linux kernel (ipv4_pktinfo_prepare in net/ipv4/ip_sockglue.c) up to version 4.9.9 is affected. A flaw can cause a denial of service (system crash) when triggered by (1) crafted system calls from an application or (2) IPv4 traffic carrying invalid IP options. The root ...

7.5CVSS7.3AI score0.03915EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2017/02/14 6:30 a.m.45 views

CVE-2017-5970

The ipv4pktinfoprepare function in net/ipv4/ipsockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service system crash via 1 an application that makes crafted system calls or possibly 2 IPv4 traffic with invalid IP options...

7.5CVSS7.8AI score0.03915EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2017/02/14 12:0 a.m.35 views

CVE-2017-5970

The ipv4pktinfoprepare function in net/ipv4/ipsockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service system crash via 1 an application that makes crafted system calls or possibly 2 IPv4 traffic with invalid IP options...

7.5CVSS7.1AI score0.03915EPSS
Exploits0References11
OSV
OSV
added 2017/02/14 12:0 a.m.5 views

UBUNTU-CVE-2017-5970

The ipv4pktinfoprepare function in net/ipv4/ipsockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service system crash via 1 an application that makes crafted system calls or possibly 2 IPv4 traffic with invalid IP options...

7.5CVSS7AI score0.03915EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2015/06/03 9:50 a.m.5 views

virtio-win: netkvm: malformed packet can cause BSOD

It was found that the Windows Virtio NIC driver did not sufficiently sanitize the length of the incoming IP packets, as demonstrated by a packet with IP options present but the overall packet length not being adjusted to reflect the length of those options. A remote attacker able to send a...

7.5CVSS5.8AI score0.01796EPSS
Exploits0References4
exploitpack
exploitpack
added 2015/03/04 12:0 a.m.47 views

Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC)

Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash PoC / ---------------------------------------------------------------------------------------------------- cve-2014-4943poc.c The PPPoL2TP feature in net/l2tp/l2tpppp.c in the Linux kernel through 3.15.6 allows local users to gain...

6.9CVSS0.1AI score0.02103EPSS
Exploits6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.29 views

Network Associates Gauntlet Firewall 5.0 - Denial of Service Attack

No description provided by source. source: http://www.securityfocus.com/bid/556/info There is a vulnerability in Gauntlet Firewall 5.0 which allows an attacker to remotely cause a denial of service. The vulnerability occurs because Gauntlet Firewall cannot handle a condition where an ICMP Protoco...

7.1AI score
Exploits0
Rows per page
Query Builder