Lucene search
K

23 matches found

nessus
nessus
added 2026/04/04 12:0 a.m.6 views

Fedora 43 : bind9-next (2026-a6efefa854)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a6efefa854 advisory. Update to 9.21.20 rhbz2440560 Security Fixes: - Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. CVE-2026-1519 - Fi...

7.5CVSS7.5AI score0.01545EPSS
Exploits0References5
suse
suse
added 2025/06/09 1:27 p.m.2 views

Security update for iputils

This update for iputils fixes the following issues: CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior bsc1242300 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

6.5CVSS7.6AI score0.01455EPSS
Exploits1References4
suse
suse
added 2025/06/08 1:25 p.m.1 views

Security update for iputils

This update for iputils fixes the following issues: CVE-2025-47268: Fixed integer overflow in RTT calculation leading to undefined behavior bsc1242300 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

6.5CVSS7.6AI score0.01455EPSS
Exploits1References4
osv
osv
added 2025/06/06 12:20 p.m.3 views

SUSE-SU-2025:01779-2 Security update for iputils

This update for iputils fixes the following issues: Security fixes: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior bsc1242300. Other bug fixes: - Fixed incorrect IPV4 TTL value when using SOCKDGRAM on big endian systems bsc1243284...

6.5CVSS6.7AI score0.01455EPSS
Exploits1References4
suse
suse
added 2025/05/30 10:41 a.m.1 views

Security update for iputils

This update for iputils fixes the following issues: Security fixes: CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior bsc1242300. Other bug fixes: Fixed incorrect IPV4 TTL value when using SOCKDGRAM on big endian systems bsc1243284. Patch Instructions: To...

6.5CVSS7.6AI score0.01455EPSS
Exploits1References6
osv
osv
added 2025/05/30 10:41 a.m.3 views

SUSE-SU-2025:01771-1 Security update for iputils

This update for iputils fixes the following issues: Security fixes: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior bsc1242300. Other bug fixes: - Fixed incorrect IPV4 TTL value when using SOCKDGRAM on big endian systems bsc1243284...

6.5CVSS6.7AI score0.01455EPSS
Exploits1References4
redhat
redhat
added 2024/10/28 1:27 p.m.3 views

quic-go: memory exhaustion attack against QUIC's connection ID mechanism

A flaw was found in quic-go. This issue may allow an attacker to trigger a denial of service by sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a RETIRECONNECTIONID frame, but the attacker can preve...

7.5CVSS5.8AI score0.011EPSS
Exploits0References7
osv
osv
added 2024/10/14 4:15 a.m.7 views

UBUNTU-CVE-2024-49214

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality...

5.3CVSS5.8AI score0.00502EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2024/07/03 12:0 a.m.6 views

PT-2024-28734 · Tcp · Tcp

Name of the Vulnerable Software and Affected Versions: TCP protocol affected versions not specified Description: The issue is related to a timing side channel in the TCP protocol, making it easier for remote attackers to infer the content of one TCP connection from a client system to any server...

4.3CVSS6.9AI score0.00572EPSS
Exploits0References13
susecve
susecve
added 2024/04/09 2:30 a.m.3 views

SUSE CVE-2024-22189

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

7.5CVSS9.2AI score0.011EPSS
Exploits0References6
osv
osv
added 2024/04/04 3:15 p.m.2 views

DEBIAN-CVE-2024-22189

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

7.5CVSS7.7AI score0.011EPSS
Exploits0References1
osv
osv
added 2024/04/02 7:15 a.m.1 views

DEBIAN-CVE-2024-26677

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference...

5.5CVSS5.2AI score0.00241EPSS
Exploits0References1
susecve
susecve
added 2024/02/21 3:31 a.m.4 views

SUSE CVE-2023-49295

quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...

6.5CVSS6.9AI score0.01194EPSS
Exploits0References3
redhat
redhat
added 2024/02/19 1:16 a.m.37 views

quic-go: memory exhaustion attack against QUIC's path validation mechanism

A memory exhaustion vulnerability was found in Quic-GO, where a malicious client exploits the path validation mechanism to induce the server into accumulating an unbounded queue of PATHRESPONSE frames, depleting its memory. The attacker controls the victim's packet send rate by overwhelming the...

6.5CVSS5.7AI score0.01194EPSS
Exploits0References6
cnnvd
cnnvd
added 2024/02/06 12:0 a.m.6 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a denial of service issue when processing 11AZ RTT management operation frames received via OTA...

7.5CVSS6.7AI score0.00324EPSS
Exploits0References3
osv
osv
added 2024/01/10 10:15 p.m.1 views

DEBIAN-CVE-2023-49295

quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...

6.5CVSS6.3AI score0.01194EPSS
Exploits0References1
osv
osv
added 2022/07/17 11:15 p.m.2 views

DEBIAN-CVE-2022-33903

Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation...

7.5CVSS7.6AI score0.01059EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/07/17 11:15 p.m.4 views

CVE-2022-33903

Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation...

7.5CVSS5.8AI score0.01059EPSS
Exploits0References4
cnnvd
cnnvd
added 2021/02/01 12:0 a.m.7 views

Qualcomm Wlan Firmware Information Disclosure Vulnerability

Qualcomm Wlan Firmware is a Wlan support firmware from Qualcomm Incorporated. A security vulnerability exists in Qualcomm Wlan Firmware that allows RTT frames to be attached to non-randomized MAC addresses by comparing the sequence numbers can lead to information disclosure...

7.5CVSS7.1AI score0.00692EPSS
Exploits0References3
redhat
redhat
added 2020/04/28 3:43 p.m.4 views

kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c

A flaw was reported in the Linux kernel's TCP subsystem while calculating a packet round trip time, when a sysctl parameter /proc/sys/net/ipv4/tcpminrttwlen is set incorrectly. This causes an integer overflow which can lead to a denial Of service DOS attack...

9.8CVSS7.2AI score0.03431EPSS
Exploits0References4
Rows per page
Query Builder