Lucene search
K

103 matches found

Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.5 views

PT-2022-35784 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.262 Description: The issue concerns the use of kvmalloc/kvfree for larger packets in vhost/vsock. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

7.3AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/05/10 2:4 p.m.62 views

bluez: memory leak in the SDP protocol

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdpcstateallocbuf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object...

6.5CVSS7.3AI score0.01101EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/09/03 12:0 a.m.7 views

Zhuhai Jieli AC690X 安全漏洞

The Zhuhai Jieli AC690X is a Bluetooth chip. A security vulnerability exists in the Zhuhai Jieli AC690X that arises from the Bluetooth Classic implementation on Zhuhai Jieli AC690X devices not properly handling the reception of very large LMP packets greater than 17 bytes during LMP auto-rate,...

6.5CVSS6.5AI score0.00531EPSS
Exploits0References6
OSV
OSV
added 2021/04/22 4:59 p.m.4 views

USN-4924-1 dnsmasq vulnerabilities

It was discovered that Dnsmasq incorrectly handled certain wildcard synthesized NSEC records. A remote attacker could possibly use this issue to prove the non-existence of hostnames that actually exist. CVE-2017-15107 It was discovered that Dnsmasq incorrectly handled certain large DNS packets. A...

7.5CVSS6.8AI score0.02646EPSS
Exploits1References3
OSV
OSV
added 2021/01/08 12:15 a.m.4 views

DEBIAN-CVE-2020-36049

socket.io-parser before 3.4.1 allows attackers to cause a denial of service memory consumption via a large packet because a concatenation approach is used...

7.5CVSS7.5AI score0.02589EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2021/01/08 12:15 a.m.4 views

CVE-2020-36049

socket.io-parser before 3.4.1 allows attackers to cause a denial of service memory consumption via a large packet because a concatenation approach is used...

7.5CVSS5.3AI score0.02589EPSS
Exploits1References4
OSV
OSV
added 2021/01/08 12:15 a.m.4 views

UBUNTU-CVE-2020-36049

socket.io-parser before 3.4.1 allows attackers to cause a denial of service memory consumption via a large packet because a concatenation approach is used...

7.5CVSS7.3AI score0.02589EPSS
Exploits1References5
CNNVD
CNNVD
added 2020/12/14 12:0 a.m.7 views

Envoy 安全漏洞

Envoy is an open source distributed proxy server . A security vulnerability exists in versions prior to Envoy 1.16.1 that stems from incorrect handling of dropped and truncated datagrams, as evidenced by a UDP packet size greater than 1500 segmentation error. No details of the vulnerability are...

7.5CVSS7.1AI score0.02364EPSS
Exploits1References7
Prion
Prion
added 2020/02/12 3:15 p.m.13 views

Input validation

Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of small packets...

5CVSS7.4AI score0.02193EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.79 views

F5 Networks BIG-IP : TMM vulnerability (K92002212)

Traffic Management Microkernel TMM may restart on BIG-IP Virtual Edition VE when using virtio direct descriptors and packets 2 KB or larger. CVE-2019-6676 Impact Some virtio backend implementations send large packets 2 KB or larger even when Large Offload Receive LRO is disabled. If the backend...

7.5CVSS7.4AI score0.01044EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/12/23 4:41 p.m.24 views

CVE-2019-6676

On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual Edition VE when using virtio direct descriptors and packets 2 KB or larger...

7.6AI score0.01044EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/08/22 9:19 a.m.4 views

QEMU: rtl8139: integer overflow leads to buffer overflow

An integer overflow issue was found in the RTL8139 NIC emulation in QEMU. It could occur while receiving packets over the network if the size value is greater than INTMAX. Such overflow would lead to stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process,...

7.5CVSS7.4AI score0.06169EPSS
Exploits0References4
OSV
OSV
added 2019/08/01 9:15 p.m.2 views

DEBIAN-CVE-2019-14513

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491...

7.5CVSS6.9AI score0.01705EPSS
Exploits1References1
OSV
OSV
added 2019/08/01 9:15 p.m.2 views

UBUNTU-CVE-2019-14513

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491...

7.5CVSS7.3AI score0.01705EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2018/06/11 9:0 p.m.42 views

CVE-2017-5388

A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox 51...

7.5CVSS8.7AI score0.01662EPSS
Exploits0
CNVD
CNVD
added 2018/05/15 12:0 a.m.8 views

Moxa EDR-810 Denial of Service Vulnerability

The EDR-810 is a highly integrated industrial multi-port security router with firewall/NAT/VPN and two-layer manageable switch functionality. A denial of service vulnerability exists in the service proxy feature of the Moxa EDR-810 V4.1 build 17030317. An attacker can exploit this vulnerability b...

7.5CVSS6.7AI score0.01739EPSS
Exploits2References1
CNVD
CNVD
added 2018/05/15 12:0 a.m.4 views

Moxa EDR-810 Denial of Service Vulnerability (CNVD-2018-11729)

The EDR-810 is a highly integrated industrial multi-port security router with firewall/NAT/VPN and two-layer manageable switch functionality. A denial of service vulnerability exists in the service proxy feature of the Moxa EDR-810 V4.1 build 17030317. An attacker can exploit this vulnerability b...

7.5CVSS6.7AI score0.01944EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2017/08/01 3:38 p.m.5 views

dnsmasq: Improper bounds checking leads to a buffer overread

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491...

7.5CVSS7.3AI score0.01705EPSS
Exploits1References4
Veracode
Veracode
added 2017/04/27 7:17 a.m.10 views

Denial Of Service (DoS)

github.com/valyala/fasthttp is vulnerable to denial of service DoS attacks. The library does not define a maximum body size for the packets it receives, allowing a malicious user to exhaust the application's memory by sending large packets to it...

6.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2017/03/02 5:4 p.m.3 views

kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash

Linux kernel built with the 802.1Q/802.1ad VLANCONFIGVLAN8021Q OR Virtual eXtensible Local Area NetworkCONFIGVXLAN with Transparent Ethernet BridgingTEB GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could...

7.8CVSS6.8AI score0.07613EPSS
Exploits0References4
Rows per page
Query Builder