Page 82 of 38571 results (0.375 seconds)

CVSS: 8.7EPSS: 0%CPEs: 13EXPL: 0

An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a CPU-based Denial of Service (DoS). If specially crafted TCP traffic is received by the control plane, or a TCP session terminates unexpectedly, it will cause increased control plane CPU utilization by the rpd-server process. While not explicitly required, the impact is more severe when RIB sharding is enabled. Task accounting shows unexpected reads by the RPD Server jobs for shards: user@junos> show task accounting detail ... read:RPD Server.0.0.0.0+780.192.168.0.78+48886 TOT:00000003.00379787 MAX:00000000.00080516 RUNS: 233888\ read:RPD Server.0.0.0.0+780.192.168.0.78+49144 TOT:00000004.00007565 MAX:00000000.00080360 RUNS: 233888\ read:RPD Server.0.0.0.0+780.192.168.0.78+49694 TOT:00000003.00600584 MAX:00000000.00080463 RUNS: 233888\ read:RPD Server.0.0.0.0+780.192.168.0.78+50246 TOT:00000004.00346998 MAX:00000000.00080338 RUNS: 233888\ This issue affects: Junos OS with cRPD:  * All versions before 21.2R3-S8,  * 21.4 before 21.4R3-S7,  * 22.1 before 22.1R3-S6,  * 22.2 before 22.2R3-S4,  * 22.3 before 22.3R3-S3,  * 22.4 before 22.4R3-S2,  * 23.2 before 23.2R2-S2,  * 24.2 before 24.2R2;  Junos OS Evolved with cRPD:  * All versions before 21.4R3-S7-EVO,  * 22.2 before 22.2R3-S4-EVO,  * 22.3 before 22.3R3-S3-EVO,  * 22.4 before 22.4R3-S2-EVO,  * 23.2 before 23.2R2-EVO. • https://supportportal.juniper.net/JSA88108 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX Series, allows an attacker sending malformed DHCP packets to cause ingress packet processing to stop, leading to a Denial of Service (DoS).  Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only occurs if DHCP snooping is enabled. ... Their output will display the interface status going down: user@device>show interfaces <if--x/x/x> user@device>show log messages | match <if--x/x/x> user@device>show log messages ==> will display the "[Error] Wedge-Detect : Host Loopback Wedge Detected: PFE: no," logs. This issue affects: Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, and MX304: * All versions before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.2 before 22.2R3-S3, * all versions of 22.3, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2; Junos OS Evolved on PTX Series: * from 19.3R1-EVO before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S7-EVO, * from 22.1-EVO before 22.1R3-S6-EVO, * from 22.2-EVO before 22.2R3-S5-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S1-EVO, * from 23.2-EVO before 23.2R2-S2-EVO, * from 23.4-EVO before 23.4R2-EVO. Junos OS Evolved releases prior to 19.3R1-EVO are unaffected by this vulnerability • https://supportportal.juniper.net/JSA88103 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Quicly up to commtit d720707 is susceptible to a denial-of-service attack. • https://github.com/h2o/quicly/commit/2a95896104901589c495bc41460262e64ffcad5c https://github.com/h2o/quicly/security/advisories/GHSA-mp3c-h5gg-mm6p • CWE-617: Reachable Assertion •

CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0

The crash can be exploited by an attacker to mount a Denial-of-Service attack. ... Users may disable the use of HTTP/3 to mitigate the issue. • https://github.com/h2o/h2o/commit/16b13eee8ad7895b4fe3fcbcabee53bd52782562 https://github.com/h2o/h2o/commit/1ed32b23f999acf0c5029f09c8525f93eb1d354c https://github.com/h2o/h2o/security/advisories/GHSA-4xp5-3jhc-3m92 https://h2o.examp1e.net/configure/http3_directives.html • CWE-617: Reachable Assertion •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000E9IIbIAN?operationContext=S1 https://community.silabs.com/068Vm00000FfVNN • CWE-821: Incorrect Synchronization •