CVSS: 7.8EPSS: 1%CPEs: 152EXPL: 0CVE-2018-5391 – The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets
https://notcve.org/view.php?id=CVE-2018-5391
14 Aug 2018 — The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. El kernel de Linux en versio... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 10%CPEs: 9EXPL: 0CVE-2018-5381 – Gentoo Linux Security Advisory 201804-17
https://notcve.org/view.php?id=CVE-2018-5381
15 Feb 2018 — The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. El demonio Quagga BGP (bgpd), en versiones anteriores a la 1.2.3, tiene un error en su análisis de "Capabilities" en los mensajes BGP OPEN, en la función bgp_packet.c:bgp_capability... • http://savannah.nongnu.org/forum/forum.php?forum_id=9095 • CWE-228: Improper Handling of Syntactically Invalid Structure CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 25%CPEs: 18EXPL: 0CVE-2018-5379 – quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code
https://notcve.org/view.php?id=CVE-2018-5379
15 Feb 2018 — The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. El demonio Quagga BGP (bgpd), en versiones anteriores a la 1.2.3, puede realizar una doble liberación (double free) de memoria al procesar ciertos formularios de un mensaje UPDATE que contienen atributos cluster-list y/o desc... • http://savannah.nongnu.org/forum/forum.php?forum_id=9095 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 4.3EPSS: 1%CPEs: 9EXPL: 0CVE-2018-5380 – Gentoo Linux Security Advisory 201804-17
https://notcve.org/view.php?id=CVE-2018-5380
15 Feb 2018 — The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. El demonio Quagga BGP (bgpd), en versiones anteriores a la 1.2.3, puede saturar las tablas internas de conversión de código a cadena de BGP empleadas para depurar por un valor de puntero 1, basándose en las entradas. It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A... • http://savannah.nongnu.org/forum/forum.php?forum_id=9095 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5537
https://notcve.org/view.php?id=CVE-2015-5537
03 Aug 2015 — The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. Vulnerabilidad en la capa SSL del servicio HTTPS en Siemens RuggedCom ROS en versiones anteriores a 4.2.0 y ROX II, no implementa adecuadamente el padding en CBC, lo cual facilita a atacantes man-in-the-middle obtener texto plano a t... • http://www.securitytracker.com/id/1033022 • CWE-312: Cleartext Storage of Sensitive Information •