PT-2022-35455 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.152 Description: The issue concerns the udp update reuse mechanism. It has been identified that there is a potential security risk, although the actual impact and attack plausibility have not yet been...

Net-SNMP 代码问题漏洞

Net-SNMP is an open source Simple Network Management Protocol SNMP software. The software is used to monitor network devices, computer devices, UPS devices, and so on. A security vulnerability exists in Net-SNMP versions 5.8 through 5.9.3, which originates from a NULL pointer exception error in...

PT-2022-7451

Name of the Vulnerable Software and Affected Versions Net-SNMP versions 5.8 through 5.9.3 Description The issue is related to a NULL Pointer Exception bug in the handle ipDefaultTTL function. This bug can be exploited by a remote attacker with write access to cause the instance to crash via a...

Vulnerability fixed in BVMS Operator Client

Bosch has fixed a vulnerability in the Bosch Video Management System BVMS. When using cameras of type CPP13 and/or CPP14.x, a malicious party can access gain access to the video stream through a Man-in-the-middle attack. The vulnerability is in the encryption of the UDP traffic, which fails under...

PT-2022-21357 · Bosch · Videojet Decoder Vjd-7513 +1

Name of the Vulnerable Software and Affected Versions: BVMS versions 10.1.1 through 11.1.0 VIDEOJET Decoder VJD-7513 versions 10.23 through 10.30 Description: The issue allows a man-in-the-middle attacker to compromise confidential video streams. This is applicable when the target system contains...

Open5GS 安全漏洞

Open5GS is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a denial of service vulnerability that stems from a problem with unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler, which can be...

PT-2022-6347 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points affected versions not specified Description: A vulnerability in the UDP processing functionality could allow an unauthenticated, remote attacker to...

Zyxel NAS326 格式化字符串错误漏洞

The Zyxel NAS326 is a cloud storage NAS from China's Heqin Technology Zyxel. A security vulnerability exists in Zyxel NAS326 firmware prior to V5.21 AAZF.12 C0, which stems from a vulnerability that allows an attacker to achieve unauthorized remote code execution via a crafted UDP packet exploiti...

Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 安全漏洞

The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Japan. The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor suffers from a security vulnerability that stems from a failure of the CMS800 device when attempting to par...

The vulnerability of the “SIP ALG” module (SIP Application Layer Gateway) in the Realtek SDK for the eCos operating system allows a hacker to execute arbitrary code.

The vulnerability of the “SIP ALG” module SIP Application Layer Gateway in the Realtek SDK for the eCos operating system is related to buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted UDP packet...

The vulnerability of the UDP protocol implementation in Cisco IOS XE and Cisco IOS operating systems allows a hacker to induce a service failure.

The vulnerability of UDP protocol implementations in Cisco IOS XE and Cisco IOS lies in the absence of proper closure of UDP sockets. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVE-2022-26071

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel TMM allows an attack...

CVE-2022-26071

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel TMM allows an attack...

CVE-2022-20767

A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement...

CVE-2022-20757

A vulnerability in the connection handling function in Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper traffic handling when platform limits are...

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity because software that relies on UDP source port randomization are indirectly affected as well.

...

DEBIAN-CVE-2021-28715

Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...

PT-2021-14829 · Unknown · Ic Module Cma

Name of the Vulnerable Software and Affected Versions: iC Module CMA version 5.0 Description: A stack-based buffer overflow issue exists in the CMA check udp crc function. This can be triggered by a specially-crafted packet, leading to a buffer overflow during a call to strcpy. An attacker can...

PJSIP 数字错误漏洞

PJSIP is a free and open source multimedia communications library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. PJSIP suffers from a numeric error vulnerability that stems from the fact that an incoming STUN message containing the ERROR-CODE...

CVE-2021-31345

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303, PLUSCONTROL 1st Gen All versions. The total length of an UDP payload set in the IP header is unchecked. This may lead to various side effects, including...