57 matches found
CVE-2023-7266
Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.Vulnerability ID:HWPSIRT-2023-76605 This vulnerability has been assigned a CVEID:CVE-2023-7266...
CVE-2023-7266
Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.Vulnerability ID:HWPSIRT-2023-76605 This vulnerability has been assigned a CVEID:CVE-2023-7266...
Huawei WS7200-10 安全漏洞
Huawei WS7200-10 is a wireless router from Huawei China. A security vulnerability exists in the Huawei WS7200-10, which stems from the presence of a connection hijacking vulnerability, successful exploitation of which may result in a denial of service or information disclosure impact on the devic...
Huawei多款产品 安全漏洞
The Huawei WS8700, among others, is a router from the Chinese company Huawei Huawei. Some of Huawei's home routers are vulnerable to connection hijacking, which can be exploited by attackers to cause a DoS or information disclosure...
Security Advisory - Connection Hijacking Vulnerability in Some Huawei Home Routers
Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.Vulnerability ID:HWPSIRT-2023-76605 This vulnerability has been assigned a CVEID:CVE-2023-7266...
CVE-2024-36905
In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdownSENDSHUTDOWN for TCPSYNRECV sockets TCPSYNRECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash 1, syzbot managed to trigger a divide by zero in...
PT-2024-3513 · Huawei · Huawei Home Routers
Name of the Vulnerable Software and Affected Versions: Huawei home routers affected versions not specified Description: A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause Denial of Service DoS or information leakage. Th...
Security Advisory - Connection Hijacking Vulnerability in Some Huawei Home Routers
A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.Vulnerability ID:HWPSIRT-2023-34408 This vulnerability has been assigned a CVEID:CVE-2023-52718...
CVE-2023-3373
Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections session hijacking ...
Cross site request forgery (csrf)
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7...
CVE-2019-14899
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and...
Modicon M580/M340/Premium/Quantum Insufficient Random Value Usage Vulnerability
The Schneider Electric Modicon M580 is a programmable automation controller.The Schneider Electric Modicon Premium is a large programmable logic controller PLC for discrete or process applications.The Schneider Electric Modicon Quantum is a large programmable logic controller PLC for process...
WPA2 Protocol Vulnerabilities - US
Lenovo Security Advisory: LEN-17420 Potential Impact: An attacker could manipulate the vulnerability to affect clients through arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames Severity: High Scope of...
Debian DLA-1568-1 : curl security update
Several vulnerabilities were discovered in cURL, an URL transfer library. CVE-2016-7141 When built with NSS and the libnsspem.so library is available at runtime, allows an remote attacker to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificat...
SUSE-SU-2018:2719-1 Security update for openssh-openssl1
This update for openssh-openssl1 fixes the following issues: These security issues were fixed: - CVE-2016-10708: Prevent NULL pointer dereference via an out-of-sequence NEWKEYS message allowed remote attackers to cause a denial of service bsc1076957. - CVE-2017-15906: The processopen function did...
Cisco Aironet Access Points Multiple WPA2 Vulnerabilities
Cisco Aironet Access Points are prone to key reinstallation attacks against WPA protocol. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later Th...
Cisco Wireless IP Phone 8821 Multiple WPA2 Vulnerabilities
Cisco Wireless IP Phone 8821 is prone to key reinstallation attacks against WPA protocol. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...
Key Reinstallation Attacks: Cryptographic/protocol attack against WPA2
Several vulnerabilities affect the Wi-Fi Protected Access II WPA2 protocol, potentially enabling Man-in-the-Middle MitM attacks between Wifi Clients and Access Points running WPA2 . The impact includes decryption, packet replay, TCP connection hijacking and HTTP content injection...
CVE-2016-5420
CVE-2016-5420 affects curl/libcurl prior to 7.50.1, where the client certificate is not checked when reusing a TLS connection, enabling an attacker to hijack the authentication of an existing connection by leveraging a previously loaded client certificate. The related advisories confirm that this...
samba: Missing downgrade detection
It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections...