CyberSecurityBoard
Sponsor Register Login

CVE-2005-4440

The 802.1q VLAN protocol allows remote attackers to bypass network segmentation and spoof VLAN traffic via a message with two 802.1q tags, which causes the second tag to be redirected from a downstream switch after the first tag has been stripped, as demonstrated by Yersinia, aka "double-tagging VLAN jumping attack."

Publication date: Wed, 21 Dec 2005 08:03:00 +0000


Cyber News related to CVE-2005-4440

CVE-2005-4440 - The 802.1q VLAN protocol allows remote attackers to bypass network segmentation and spoof VLAN traffic via a message with two 802.1q tags, which causes the second tag to be redirected from a downstream switch after the first tag has been stripped, as ...
5 years ago
CVE-2007-4440 - Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string. NOTE: this might overlap CVE-2006-5961. ...
6 years ago
CVE-2008-4440 - The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files. ...
15 years ago
CVE-2009-4440 - Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of ...
14 years ago
CVE-2013-4440 - Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. ...
8 years ago
CVE-2010-4440 - Unspecified vulnerability in Oracle 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel. ...
6 years ago
CVE-2014-4440 - The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by ...
6 years ago
CVE-2006-4440 - PHP remote file inclusion vulnerability in main.php in Ay System Solutions CMS 2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter. ...
6 years ago
CVE-2018-4440 - A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. ...
5 years ago
CVE-2012-4440 - Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin. ...
4 years ago
CVE-2022-0729 - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. ...
1 year ago
CVE-2016-4440 - arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute ...
1 year ago
CVE-2022-4440 - Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) ...
1 year ago
CVE-2023-4440 - A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0. It has been classified as critical. This affects an unknown part of the file appointment.php. The manipulation of the argument sheduledate leads to ...
10 months ago
CVE-2015-4440 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none ...
54 years ago Tenable.com
CVE-2017-4440 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
54 years ago Tenable.com
CVE-2024-4440 - The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on ...
1 month ago Tenable.com
CVE-2021-4440 - In the Linux kernel, the following vulnerability has been resolved: ...
1 week ago
CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
15 years ago
CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
15 years ago
CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
7 months ago
CVE-2005-0068 - The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) ...
15 years ago
CVE-2005-4531 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3345. Reason: This candidate is a duplicate of CVE-2005-3345. CVE-2005-3345 had already been assigned, but not published, before this candidate was created. Notes: All CVE users ...
54 years ago Tenable.com
CVE-2005-3122 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3424, CVE-2005-3425. Reason: this candidate was intended for one issue, but two different authoritative sources used it for two distinct issues. Notes: All CVE users should ...
54 years ago Tenable.com
CVE-2005-2965 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4802, CVE-2005-4803. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should ...
54 years ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)