Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in the Microsoft Windows Layer 2 Tunneling Protocol. The following products and editions are affected:Windows 10 Version 1809 for 32-bit Systems,Windows 10...

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in the Microsoft Windows Layer 2 Tunneling Protocol. The following products and versions are affected:Windows 10 Version 1809 for 32-bit Systems,Windows 10...

PT-2023-2288 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in the implementation of the Layer 2 Tunneling Protocol L2TP in Windows operating systems. This can allow a...

PT-2023-2271 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in the implementation of the Layer 2 Tunneling Protocol L2TP in Windows operating systems. This can allow a...

Medium: kernel

Issue Overview: A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol L2TP. A missing lock when clearing skuserdata can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. CVE-2022-4129 A...

Medium: kernel

Issue Overview: A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol L2TP. A missing lock when clearing skuserdata can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. CVE-2022-4129 A...

SUSE CVE-2003-1029

The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service infinite loop and memory consumption via a packet with invalid data to UDP port 1701, which causes l2tpavpprint to use a bad length value when calling printoctets...

SUSE CVE-2004-0805

Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain 1 mp3 or 2 mp2 file...

SUSE CVE-2004-0991

Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files...

SUSE CVE-2015-8744

QEMU aka Quick Emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged CAPSYSRAWIO guest user could use this flaw to crash the QEMU process instance resulting in DoS...

SUSE CVE-2016-2541

Audacity before 2.1.2 allows remote attackers to cause a denial of service memory corruption and application crash via a crafted MP2 file...

SUSE CVE-2016-10200

Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service use-after-free by making multiple bind system calls without properly ascertaining whether a socket has the SOCKZAPPED status, related to...

SUSE CVE-2018-13112

getl2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via crafted packets, as demonstrated by tcpprep...

SUSE CVE-2020-3702

u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit...

SUSE CVE-2021-27853

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers...

SUSE CVE-2021-27854

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse...

SUSE CVE-2021-27861

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and optionally VLAN0 headers...

SUSE CVE-2021-27862

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion and optionally VLAN0 headers...

SUSE CVE-2022-4129

A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol L2TP. A missing lock when clearing skuserdata can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service...

The vulnerability in the implementation of the Linux operating system’s Layer 2 Tunneling Protocol (L2TP) kernel allows a hacker to induce a service failure.

The vulnerability of the Linux operating system’s L2TP Layer 2 Tunneling Protocol kernel implementation is related to the absence of blocking during the cleaning of skuserdata. This can lead to a race condition and the swapping of the zero pointer. Exploiting this vulnerability could allow an...