Ubuntu 22.04 LTS / 24.04 LTS : FRR vulnerabilities (USN-8376-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8376-1 advisory. It was discovered that FRR incorrectly handled certain OSPF Traffic Engineering and Segment Routing TLVs. An attacker could possibly use this...

gmrtd security vulnerabilities

GMRTD is an open-source Go language library developed by GMRTD. Versions of GMRTD prior to 0.17.2 contained security vulnerabilities. These vulnerabilities stemmed from the ReadFile function accepting TLVs of excessive length, which could lead to unlimited resource consumption...

tlvs.vn Cross Site Scripting vulnerability OBB-2791430

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

DEBIAN-CVE-2022-26125

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isistlvs.c...

PT-2022-17688 · Frrouting +4 · Frrouting +4

Name of the Vulnerable Software and Affected Versions: FRRouting versions through 8.1.0 Description: Buffer overflow vulnerabilities exist due to wrong checks on the input packet length in isisd/isis tlvs.c. Recommendations: For versions through 8.1.0, consider updating to a version that includes...

CVE-2020-3675

u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...

lldpad security and bug fix update

1.0.1-13.git036e314 - After gating yml updates 1.0.1-12.git036e314 - Add support for DSCP selectors in APP TLVs 1704660 1.0.1-11.git036e314 - Fix memleak on TLV reception 1727326 1.0.1-10.git036e314 - Fix the OID display 1614933...

Fedora 29 : lldpad (2018-06d56c8c9d)

Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV CVE-2018-10932. - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices. Note that Tenable Network...

Buffer overflow

Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmiqossrvc.c. Android ID: 31805216. References: QC CR912775...

CVE-2016-8411

Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmiqossrvc.c. Android ID: 31805216. References: QC CR912775...

CVE-2016-8411

Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmiqossrvc.c. Android ID: 31805216. References: QC CR912775...

CVE-2016-8411

CVE-2016-8411 is a buffer overflow in Android’s QMI QOS TLV processing (qmi_qos_srvc.c). Reported as CRITICAL with CVSSv3 base 9.8, exploitable over network with no user interaction. Affected: Android devices including versions containing qmi_qos_srvc.c. Root cause: buffer overflow while parsing ...

CVE-2011-1640

The ethernet-lldp component in Cisco IOS 12.2 before 12.233SXJ1 does not properly support a large number of LLDP Management Address MA TLVs, which allows remote attackers to cause a denial of service device crash via crafted LLDPDUs, aka Bug ID CSCtj22354...

Mandrake Linux Security Advisory : tcpdump (MDKSA-2007:148)

An integer overflow in tcpdump could allow a remote attacker to execute arbitrary code via crafted TLVs in a BGP packet. Updated packages have been patched to prevent this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Integer overflow

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value...

CVE-2007-3798

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value...

CVE-2007-3798

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value...

DEBIAN-CVE-2007-3798

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value...

CVE-2007-3798

CVE-2007-3798 affects tcpdump’s BGP dissector: an integer overflow in print-bgp.c in tcpdump 3.9.6 and earlier allows remote code execution via crafted BGP TLVs. Impact: arbitrary code execution with the pcap user’s privileges when processing BGP packets. Remediation is via updated tcpdump packag...

CVE-2007-3798

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value...