42 matches found
CVE-2022-24695
Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with...
USN-5765-1 postgresql-9.5 vulnerability
Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established...
Code injection
A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection...
CVE-2022-36127 Service unavailability impact in NodeJS agent(version <= 0.5.0)
A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection...
USN-5145-1: PostgreSQL vulnerabilities
Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established...
USN-5145-1 postgresql-10, postgresql-12, postgresql-13 vulnerabilities
Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established...
Input validation
RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile...
CVE-2020-11243
RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile...
CVE-2020-11243
CVE-2020-11243 affects Qualcomm closed-source components on Snapdragon platforms (Auto, Compute, Connectivity, Mobile). Technical detail: RRC sends a connection-establishment success to NAS even when the connection setup validation fails, causing a Denial of Service. The CVE is referenced in mult...
The vulnerability of the Apache CXF web service framework, related to connection establishment errors, allows attackers to gain unauthorized access to protected information.
The vulnerability of Apache CXF web services is related to errors during connection establishment. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Androwarn - Yet Another Static Code Analyzer For Malicious Android Applications
Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application. The detection is performed with the static analysis of the application's Dalvik bytecode, represented as Smali, with the androguard library. This analysis...
The vulnerability of the Network Security Services library, related to connection establishment errors, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Network Security Services library collection is related to errors during connection establishment. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise the confidentiality and integrity of the protected information...
Replay Attack
github.com/v2ray/v2ray-core is vulnerable to replay attacks. The library doesn't implement session id's in its server, allowing a malicious user to send older packets to the server to establish a connection...
Cisco AnyConnect Secure Mobility Client Directory Traversal Vulnerability
The Cisco AnyConnect Secure Mobility Client is Cisco's next-generation VPN client. Cisco AnyConnect Secure Mobility Client 4.0 2049 has a directory traversal vulnerability in the implementation of the connection establishment process that could allow an unauthenticated, remote attacker to perform...
Cisco AnyConnect Secure Mobilty Client Directory Traversal Vulnerability
A vulnerability in the connection establishment process of Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, remote attacker to write or overwrite files in the active user's context. The vulnerability is due to insufficient input validation. An unauthenticated, remote attack...
[SECURITY] Fedora 20 Update: ipsec-tools-0.8.2-1.fc20
This package contains tools necessary for establishing keys for IPSEC connections including the rekeying during the connection lifetime. The main tools of this package are: - setkey, a program to directly manipulate policies and SAs in the kernel - racoon, an IKEv1 keying daemon...
Kroum Grigorov KpyM Telnet Server 1.0 - Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9379/info KpyM Telnet Server has been reported to be prone to a remote denial of service vulnerability. Due to a lack of resource limitations, a remote attacker may negotiate multiple connections to the affected server...
CVE-2012-0338
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113...
Linux Kernel <= 2.6.37 Local Kernel Denial of Service
No description provided by source. / Linux Kernel = 2.6.37 local kernel DoS CVE-2010-4165 ======================================================= A divide by 0 error occurs in tcpselectinitialwindow when processing user supplied TCPMAXSEG facilitating a local denial-of-service condition kernel...
Download connection
Added: 03/18/2009 Background This tool allows you to download a file which, when executed, establishes a command connection. Limitations This tool requires a user to execute the downloaded file in order to succeed. The target field must be a licensed target but is unused. Platforms Windows Linux...