20 matches found
CVE-2024-10604
Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances...
CVE-2024-10604
creationtimestamp| type| source
---|---|---
2025-01-30 19:18:24+00:00| seen| https://infosec.exchange/users/cve/statuses/113918915650734751
2025-01-30 20:15:55+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgycfxdvmk2t
2025-01-30 22:38:18+00:00| seen|...
CVE-2024-10604 Identifiable Header Values In Fuchsia Leading To Tracking of The User
Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances...
CVE-2024-10604 Identifiable Header Values In Fuchsia Leading To Tracking of The User
Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances...
CVE-2024-10604
CVE-2024-10604 affects Fuchsia’s network header field generation algorithms. Vulnerable components include the TCP Initial Sequence Number (ISN), TCP timestamp, TCP/UDP source ports, and IPv4/IPv6 fragment IDs, which can be guessed under certain circumstances. The available connected sources iden...
ZOHO ManageEngine ServiceDesk Plus Path Traversal Vulnerability
ZOHO ManageEngine ServiceDesk Plus (SDP) is an ITIL-based IT service management software suite from the US company ZOHO (ZhuoHao). The software integrates Incident Management, Problem Management, Asset Management, IT Project Management, Procurement and Contract Management modules...
SEL (CVE-2018-10604) (deprecated)
Plugin deprecated because selcompass is not detectable in this way. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. (C) Tenable Network Security, Inc. Disabled on 2023/03/10. Deprecated because...
CVE-2020-10604
creationtimestamp| type| source
---|---|---
2020-07-25 07:55:12+00:00| seen| https://t.me/cibsecurity/13667...
CVE-2020-10604
In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive...
CVE-2020-10604
CVE-2020-10604 affects OSIsoft PI System: a remote, unauthenticated attacker can crash the PI Network Manager service via specially crafted requests, blocking connections and queries to the PI Data Archive. The impact is described in the Update A 4.2.4 entry (Uncaught Exception) with CVSS v3 base...
CVE-2020-10604
In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive...
OSIsoft PI System (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft Equipment: PI System Vulnerabilities: Uncontrolled Search Path Element, Improper Verification of Cryptographic Signature, Incorrect Default Permissions, Uncaught Exception, Null Pointer...
CVE-2019-10604
CVE-2019-10604 describes a heap-buffer-overflow in Snapdragon’s diag command response handling where the last loop iteration on populating image version information can overflow a heap buffer. Affected platforms span numerous Snapdragon Auto/IoT devices (APQ8053, APQ8096AU, APQ8098, MDM9607, …, S...
CVE-2019-10604
Possibility of heap-buffer-overflow during last iteration of loop while populating image version information in diag command response packet, in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9607,...
backender (>=0.0.1 <=0.0.7), gulp-backender (>=0.0.4 <=0.0.5) potentially affected by CVE-2016-10604 via dalek-browser-chrome (=0.0.11)
dalek-browser-chrome NPM version =0.0.11 is affected by a known vulnerability. The following packages have a transitive dependency on dalek-browser-chrome and may be impacted: - backender =0.0.1, =0.0.4, =0.0.5 Source cves: CVE-2016-10604 Source advisory: OSV:GHSA-6Q8Q-RVF4-M4PG...
CVE-2018-10604
CVE-2018-10604 affects SEL Compass 3.0.5.1 and earlier, where incorrect default permissions grant all users full access to the Compass directory, enabling modification or overwriting of files and potential privilege escalation or code execution. The issue is documented across multiple sources (NV...
CVE-2016-10604
dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the...
CVE-2016-10604
dalek-browser-chrome downloads binary resources over HTTP, enabling MITM-style tampering. In network-position scenarios, an attacker can swap the requested binary with a malicious one, potentially executing code on the user’s system. The advisory notes that no patch is currently available and rec...
Juniper Junos SRX Cluster Synchronization Failover Errors (JSA10806)
According to its self-reported version number and configuration, the remote Juniper Junos device is affected by a flaw in the handling of cluster synchronization and failover operations whenever the root account has been locked out. An unauthenticated, remote attacker can exploit this, via a seri...
CVE-2017-10604
CVE-2017-10604 affects Juniper SRX Series devices running Junos OS in cluster mode. The issue arises when account lockout is enabled: an unauthenticated user making failed root login attempts can trigger root lockout, which in turn causes cluster sync or failover errors. Affected releases are SRX...