4 matches found
CVE-2011-3188
CVE-2011-3188 affects the Linux kernel prior to 3.1, where IPv4 and IPv6 sequence numbers/Fragment IDs are generated with a modified MD4. This predictable value generation enables remote attackers to cause DoS or hijack sessions by crafting packets. The vulnerability is mitigated by upgrading the...
CVE-2013-3587
CVE-2013-3587 (BREACH) concerns TLS/SSL data compression leaks where compressed HTTPS responses reveal plaintext by observing size differences. The linked documents confirm this is a BREACH-type issue affecting HTTPS with HTTP compression, not tied to a single product. Mitigations documented incl...
CVE-2017-18017
CVE-2017-18017 affects the Linux kernel’s tcpmss_mangle_packet in net/netfilter/xt_TCPMSS.c. When xt_TCPMSS is used in an iptables action, a remote attacker can trigger a use-after-free and memory corruption, leading to a denial of service. Affected versions are Linux kernel before 4.11, and 4.9....
CVE-2014-2927
F5 BIG-IP ConfigSync rsync vulnerability (CVE-2014-2927) allows unauthenticated remote read/write via the ConfigSync IP in failover mode. Affected: BIG-IP LTM and multiple modules (and Enterprise Manager 3.x) across versions from 11.0.0 up to 11.5.1 (including HF3/HF4 and related revisions) and 3...