IETF Security Vulnerabilities


CVE-2024-3661

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify...

7.6 CVSS

7.3 AI Score

0.0005 EPSS

2024-05-06 07:15 PM
151

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...

7.5 CVSS

8 AI Score

0.732 EPSS

2023-10-10 02:15 PM
2890
In Wild

CVE-2016-10142

An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An...

8.6 CVSS

7.3 AI Score

0.006 EPSS

2017-01-14 07:59 AM
136

CVE-2015-8960

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a...

8.1 CVSS

7.8 AI Score

0.006 EPSS

2016-09-21 02:59 AM
35

CVE-2021-27853

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP...

4.7 CVSS

4.8 AI Score

0.001 EPSS

2022-09-27 06:15 PM
66
4

CVE-2021-27862

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0...

4.7 CVSS

4.7 AI Score

0.001 EPSS

2022-09-27 07:15 PM
72
6

CVE-2021-27861

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0...

4.7 CVSS

4.8 AI Score

0.001 EPSS

2022-09-27 07:15 PM
40
6

CVE-2021-27854

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its...

4.7 CVSS

4.7 AI Score

0.001 EPSS

2022-09-27 07:15 PM
42
6

CVE-2020-20949

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the...

5.9 CVSS

5.5 AI Score

0.002 EPSS

2021-01-20 04:15 PM
21
2

CVE-2020-20950

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable.....

5.9 CVSS

5.5 AI Score

0.003 EPSS

2021-01-19 01:15 PM
22
3

CVE-2020-10136

Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access...

5.3 CVSS

5.4 AI Score

0.011 EPSS

2020-06-02 09:15 AM
103
4

CVE-2018-5389

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known that the aggressive mode of IKEv1 PSK is vulnerable to offline...

5.9 CVSS

5.6 AI Score

0.002 EPSS

2018-09-06 09:29 PM
101

CVE-2004-2761

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509...

7.1 AI Score

0.012 EPSS

2009-01-05 08:30 PM
203

CVE-2007-2242

The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two...

6.1 AI Score

0.154 EPSS

2007-04-25 04:19 PM
45