81 matches found
Gcore Thwarts Massive 650 Gbps DDoS Attack on Free Plan Client
At the beginning of January, Gcore faced an incident involving several L3/L4 DDoS attacks with a peak volume of 650 Gbps. Attackers exploited over 2000 servers belonging to one of the top three cloud providers worldwide and targeted a client who was using a free CDN plan. However, due to Gcore's...
SUSE CVE-2004-0991
Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files...
SUSE CVE-2017-9870
The IIIistereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted audio file that is mishandled in the code for the "blocktype == 2" case, a similar...
SUSE CVE-2017-9872
The IIIdequantizesample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...
SUSE CVE-2017-14408
A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service...
SUSE CVE-2018-10778
Read access violation in the IIIdequantizesample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409...
SUSE CVE-2020-27617
ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...
SUSE CVE-2021-34085
Read access violation in the IIIdequantizesample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872. CVE-2017-14409, and...
CVE-2022-20728
A vulnerability in the client forwarding code of multiple Cisco Access Points APs could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards...
UBUNTU-CVE-2021-34085
Read access violation in the IIIdequantizesample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872. CVE-2017-14409, and...
Arista Networks Arista EOS 安全漏洞
Arista Networks Arista EOS is a scalable operating system for data centers and cloud network centers from Arista Networks, Inc. Arista EOS builds cloud architectures that scale to hundreds of thousands of compute and storage nodes with management and provisioning capabilities for large-scale jobs...
QEMU: net: an assert failure via eth_get_gso_type
An assert3 failure flaw was found in the networking helper functions of QEMU. This vulnerability can occur in the ethgetgsotype routine if a packet does not have a valid networking L3 protocol ex. IPv4, IPv6 value. This flaw allows a guest user to crash the QEMU process on the host, resulting in ...
CVE-2020-3444
A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by...
DEBIAN-CVE-2020-27617
ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...
UBUNTU-CVE-2020-27617
ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...
Cisco SD-WAN vEdge Input Validation Error Vulnerability
Cisco SD-WAN vEdge is a router from Cisco. The device provides basic WAN, security, and multi-cloud capabilities for Cisco SD-WAN solutions. The Cisco SD-WAN vEdge suffers from an input validation error vulnerability that arises from a network system or product that does not properly validate...
CVE-2019-1951
A vulnerability in the packet filtering features of Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by...
Cisco SD-WAN Solution Packet Filter Bypass Vulnerability
Cisco SD-WAN Solution is a suite of network extension solutions from Cisco. A packet filter bypass vulnerability exists in Cisco SD-WAN Solution version 19.1.0 and earlier. The vulnerability stems from improper traffic filtering conditions on the affected device. An attacker can exploit this...
Cisco IOS XE Software Access Control Error Vulnerability
Cisco IOS XE Software is an operating system developed by Cisco for its network devices. An access control error vulnerability exists in the MACsec Key Agreement MKA using Extensible Authentication Protocol-Transport Layer Security EAP-TLS functionality in Cisco IOS XE Software, which arises from...
mp3gain Denial of Service Vulnerability
mp3gain is a volume adjustment application for MP3 files. A security vulnerability exists in the 'IIIdequantizesample' function in the mpglibDBL/layer3.c file in mp3gain 1.5.2-r2 and earlier versions, which stems from a read access privilege conflict in the program. A remote attacker could exploi...