Lucene search

K

Ietf Security Vulnerabilities

cve
cve

CVE-2018-5389

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline...

5.9CVSS

5.6AI Score

0.003EPSS

2018-09-06 09:29 PM
101
cve
cve

CVE-2024-3661

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify...

7.6CVSS

7.3AI Score

0.0005EPSS

2024-05-06 07:15 PM
151
cve
cve

CVE-2020-10136

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and...

5.3CVSS

5.2AI Score

0.015EPSS

2020-06-02 09:15 AM
104
4
cve
cve

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...

7.5CVSS

8AI Score

0.732EPSS

2023-10-10 02:15 PM
2898
In Wild
cve
cve

CVE-2016-10142

An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An...

8.6CVSS

7.3AI Score

0.006EPSS

2017-01-14 07:59 AM
137
cve
cve

CVE-2015-8960

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a...

8.1CVSS

7.8AI Score

0.006EPSS

2016-09-21 02:59 AM
37
cve
cve

CVE-2021-27853

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP...

4.7CVSS

4.8AI Score

0.001EPSS

2022-09-27 06:15 PM
67
4
cve
cve

CVE-2021-27862

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0...

4.7CVSS

4.7AI Score

0.001EPSS

2022-09-27 07:15 PM
73
6
cve
cve

CVE-2021-27861

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0...

4.7CVSS

4.8AI Score

0.001EPSS

2022-09-27 07:15 PM
41
6
cve
cve

CVE-2021-27854

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its...

4.7CVSS

4.7AI Score

0.001EPSS

2022-09-27 07:15 PM
43
6
cve
cve

CVE-2020-20949

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the...

5.9CVSS

5.5AI Score

0.002EPSS

2021-01-20 04:15 PM
22
2
cve
cve

CVE-2020-20950

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable.....

5.9CVSS

5.5AI Score

0.003EPSS

2021-01-19 01:15 PM
22
3
cve
cve

CVE-2004-2761

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509...

7.1AI Score

0.012EPSS

2009-01-05 08:30 PM
204
cve
cve

CVE-2007-2242

The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two...

6.1AI Score

0.146EPSS

2007-04-25 04:19 PM
46