SUSE CVE-2012-5962

Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType aka urn field in a UDP pack...

SUSE CVE-2012-5964

Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices 1.3.1 allows remote attackers to execute arbitrary code via a long ServiceType aka urn service field in a...

SUSE CVE-2016-0742

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service invalid pointer dereference and worker process crash via a crafted UDP DNS response...

SUSE CVE-2016-9312

ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet...

SUSE CVE-2018-18065

setkey in agent/helpers/tablecontainer.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...

SUSE CVE-2018-1000115

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume Network Amplification, CWE-406 vulnerability in the UDP support of the memcached server that can result in denial of service via network flood traffic amplification of 1:50,000 has been reported by reliable sources...

SUSE CVE-2018-1000116

NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution...

SUSE CVE-2019-11714

Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox 68...

SUSE CVE-2019-18282

The flowdissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash instead of siphash is used. The hashrn...

SUSE CVE-2020-25705

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Bas...

SUSE CVE-2020-35471

Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500...

SUSE CVE-2021-20322

A flaw in the processing of received ICMP errors ICMP fragment needed and ICMP redirect in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest...

SUSE CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

SUSE CVE-2022-44792

handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...

PT-2023-2968 · Faronics · Faronics Insight

Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045 Description: The issue is related to insufficient protection of service data in the Enhanced Security mode of the Teacher Console and Student Console of the Faronics Insight platform. Exploitation of this...

The vulnerability of the Core server component of Oracle Communications Converged Application Server allows a hacker to gain full control over the application.

The vulnerability of the Core server component of Oracle Communications Converged Application Server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain full control over the application using the UDP network protocol...

CVE-2022-41009

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVE-2023-21890

Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications component: Core. Supported versions that are affected are 7.1.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via UDP to compromise Oracle...

Oracle Communications Converged Application Server 安全漏洞

Oracle Communications is a product of Oracle Corporation USA. provides integrated communications and cloud solutions for service providers and enterprises to accelerate their digital transformation. A security vulnerability exists in Oracle Communications Converged Application Server versions 7.1...

PT-2023-1184 · Oracle · Oracle Communications Converged Application Server

Name of the Vulnerable Software and Affected Versions: Oracle Communications Converged Application Server versions 7.1.0 through 8.0.0 Description: The issue is related to insufficient input validation in the Core component of the Oracle Communications Converged Application Server, allowing an...