483 matches found
kernel: l2tp: Race condition in the L2TPv3 IP encapsulation feature
A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system...
OpenDaylight 'odl-l2switch-switch' Denial of Service Vulnerability
OpenDaylight, a project of the Linux Foundation in the United States, is a community-driven, open-source, software-defined networking framework that contains an ensemble of modules capable of performing networking tasks that need to be done quickly. A security vulnerability exists in the...
LAME II_step_one function buffer overflow vulnerability
LAME is an open source MP3 audio compression software. A buffer overflow vulnerability exists in the LAME libmpgdecoder.a/mpglib/layer2.c/IIstepone function, which allows remote attackers to exploit the vulnerability by submitting a special file that induces the user to parse it, which can crash...
DEBIAN-CVE-2017-9869
The IIstepone function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted audio file...
The vulnerability of the L2TP function in the Cisco IOS operating system allows a intruder to trigger a device reboot and a service failure.
The vulnerability of the L2TP function in the Cisco IOS operating system exists due to insufficient checking of L2TP packets. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot and a service failure using a specially crafted L2TP packet...
Siemens SIMATIC HMI Denial of Service Vulnerability
SIMATIC HMI is an industrial device from Siemens, Germany.SIMATIC HMI panels are used for operator control and monitoring of machines and equipment. A denial of service vulnerability in the Siemens SIMATIC HMI Multi-Panel and HMI Mobile Panels, as well as in the S7-300/S7-400 devices, allows an...
SEIL Series routers vulnerable to denial-of-service (DoS)
Overview The DNS forwarder, the PPP Access Concentrator L2TP and the MeasureiPerf server function in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to a flaw in processing certain packets. Internet Initiative Japan Inc. reported th...
Cisco IOS XE Software L2TP Message Denial of Service Vulnerability
Cisco IOS XE Software is an operating system developed by Cisco in the United States for its network devices. Cisco IOS XE Software's fails to adequately filter L2TP packets. A remote attacker could exploit this vulnerability to submit a special request for a denial of service attack...
CVE-2017-3857
A vulnerability in the Layer 2 Tunneling Protocol L2TP parsing function of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and Cisco IOS XE 3.1 through 3.18 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation...
UBUNTU-CVE-2016-10200
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service use-after-free by making multiple bind system calls without properly ascertaining whether a socket has the SOCKZAPPED status, related to...
MikroTik RouterOS L2TP Client Man-in-the-Middle Attack Vulnerability
MikroTik RouterOS is a routing operating system developed on the Linux kernel. A security vulnerability in the L2TP Client of MikroTik RouterOS allows remote attackers to exploit the vulnerability to gain unauthorized access to an L2TP server via a man-in-the-middle attack...
CVE-2016-8105
Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations...
CVE-2017-6297
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and...
DEBIAN-CVE-2015-8744
QEMU aka Quick Emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged CAPSYSRAWIO guest user could use this flaw to crash the QEMU process instance resulting in DoS...
CVE-2016-6473
A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. More Information: CSCuu69332, CSCux07028. Known Affected Releases: 15.23E. Known Fixed Releases: 12.250SE4 12.250SE5 12.250SQ5...
Siemens SIMATIC S7-300/1200/1500 CPU Denial of Service Vulnerability
Siemens SIMATIC S7-300, 1200 and 1500 CPUs are modular general-purpose controllers for the manufacturing industry from Siemens, Germany, and are widely used in tobacco, petrochemical, water and other important industrial control sites. A denial of service vulnerability exists in the Siemens SIMAT...
The vulnerability of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the drivers/media/platform/msm/camerav2/sensor/cci/msmcci.c file of the Qualcomm Android operating system is related to a missing unit error. Exploiting this vulnerability allows a remote attacker to enhance their privileges through a specially created application that sends...
openstack-neutron: MAC source address spoofing vulnerability
Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests...
openstack-neutron: ICMPv6 source address spoofing vulnerability
Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests...
openstack-neutron: DHCP spoofing vulnerability
Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests...