22 matches found
Astra Linux - уязвимость в linux-5.10, linux
Before version 5.17.9, the Linux kernel allowed TCP servers to identify clients by observing which source ports were used. This occurs due to the use of Algorithm 4 "Double-Hash Port Selection Algorithm" from RFC 6056...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed the issue where a tainted pointer was deleted instead of the previously created rules when the flow rule creation failed. In the case of a flow rule creation failure in mlx5lagcreateportseltable, the tainted point...
CVE-2018-25262
Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can craft a malicious string containing buffer overflow patterns and paste it into the Preferences...
CVE-2018-25262
Angry IP Scanner for Linux 3.5.3 contains a denial-of-service vulnerability that crashes the application when a malformed input is supplied in the port selection field. The issue can be triggered by pasting a string containing buffer overflow patterns into the Preferences Ports tab. The CVE notes...
CVE-2018-25262 Angry IP Scanner for Linux 3.5.3 Denial of Service
Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can craft a malicious string containing buffer overflow patterns and paste it into the Preferences...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013305)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013305 advisory. The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 Double-Hash...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010727)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010727 advisory. The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 Double-Hash...
Exploit for Uncontrolled Resource Consumption in Ietf Http
CVE-2023-44487 - HTTP/2 Rapid Reset Exploit PoC --- Desc...
DEBIAN-CVE-2024-40940
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5lagcreateportseltable, instead of previously created rules, the tainted pointer is deleted deveral times. Fix this...
SUSE CVE-2022-32296
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 "Double-Hash Port Selection Algorithm" of RFC 6056...
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
...
DEBIAN-CVE-2022-32296
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 "Double-Hash Port Selection Algorithm" of RFC 6056...
CVE-2022-32296
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 "Double-Hash Port Selection Algorithm" of RFC 6056...
Maven Extension plugin for Gradle Enterprise vulnerable to Deserialization of Untrusted Data
An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. It is vulnerable to, in the worst case, Remote Code Execution, and in the general case, local privilege escalation. Internally, the plugin uses a socket connection to send serialized Java objects that are...
PT-2022-3221 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.9 Description: The issue is related to insufficient entropy in the Linux kernel, allowing a remote attacker to identify clients by determining the original source ports used by the TCP server. This is due t...
pyftpdlib Use of Insufficiently Random Values of port selection on PASV command
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command...
GHSA-GH7C-CG3X-PMCR pyftpdlib Use of Insufficiently Random Values of port selection on PASV command
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command...
Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC)
Angry IP Scanner for Linux 3.5.3 - Denial of Service PoC Exploit Title: Angry IP Scanner for Linux 3.5.3 - Denial of Service PoC Discovery by: Mr Winst0n Discovery Date: 2018-12-22 Vendor Homepage: https://angryip.org/ Software Link : https://angryip.org/download/ Tested Version: 3.5.3 latest...
Real Networks GameHouse dldisplay ActiveX control 0 Port Buffer Overflow (1)
No description provided by source. source: http://www.securityfocus.com/bid/767/info At installation, the Real Server software randomly selects an unused port as the remote administration port. This port is used by Real Server's remote web administration feature. To access this feature, the corre...
CVE-2008-3217
PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing...