7654 matches found
CVE-2024-40992
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently droppe...
CVE-2024-40992
CVE-2024-40992 concerns the Linux kernel RDMA/rxe stack. The root cause was an incorrect resilience check for UD QP receive data: a deferred responder length check in the function copy_data (via commit 689c5421bfe0) could trigger an oversized UD packet to fail with -EINVAL, causing send_data_in t...
CVE-2024-40992 RDMA/rxe: Fix responder length checking for UD request packets
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently droppe...
CVE-2024-40992 RDMA/rxe: Fix responder length checking for UD request packets
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently droppe...
The vulnerability of Huawei TC7001-10, WS7200-10, and WS7206-10 Wi-Fi routers lies in the lack of a mechanism to lock sessions. This allows attackers to gain unauthorized access to protected information or cause service failures.
The vulnerability of Huawei TC7001-10, WS7200-10, and WS7206-10 Wi-Fi routers’ microprogramming software is related to the lack of a session fixation mechanism, due to the absence of reverse address checking and TCP connection tracing. Exploiting this vulnerability can allow an unauthorized actor...
CVE-2024-39538 Junos OS Evolved: ACX7000 Series: When multicast traffic with a specific (S,G) is received evo-pfemand crashes
A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon evo-pfemand of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS.When multicast traffic with a specific, valid S,G is received,...
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:2381-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2381-1 advisory. The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...
Siemens SINEMA Remote Connect Server Exception or Improper Exception Checking Vulnerability
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. Siemens SINEMA Remote Connect Server has an anomaly or improper anomaly checking vulnerability that c...
CVE-2024-39865
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker...
CVE-2024-6563
Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files...
CBL Mariner 2.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl / rust (CVE-2023-0286)
The version of cloud-hypervisor / edk2 / hvloader / openssl / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0286 advisory. - There is a type confusion vulnerability relating to X.400 addres...
Prudential Financial data breach impacts 2.5 million people, not 36,000 as first thought
In February 2024, Prudential Financial reported it had fallen victim to a ransomware attack. The attack was discovered one day after it started, but not before some 2.5 million people had been impacted by the resulting data breach. As one of the largest insurance companies in the US, Prudential...
CVE-2024-23368 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Qualcomm IPC
Memory corruption when allocating and accessing an entry in an SMEM partition...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from a lack of boundary checking, resulting in out-of-bounds writes...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from a lack of boundary checking, resulting in out-of-bounds writes...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from a lack of boundary checking, resulting in out-of-bounds writes...
MOXA OnCell G3470A-LTE Buffer Overflow Vulnerability
MOXA OnCell G3470A-LTE is a series of cellular gateway/router from MOXA China. A buffer overflow vulnerability exists in MOXA OnCell G3470A-LTE v1.7.7 and earlier firmware versions, which stems from a lack of boundary checking for buffer operations, and can be exploited by an attacker to write...
CVE-2024-0947
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...