
700 matches found

Positive Technologies
added 2021/01/20 12:00 a.m. · 2 views

PT-2021-1861 · Cisco · Cisco SD-WAN vSmart Controller +7

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN products (affected versions not specified); Cisco IOS XE SD-WAN (affected versions not specified); Cisco SD-WAN vBond Orchestrator (affected versions not specified); Cisco SD-WAN vEdge Cloud Routers (affected versions not specified); Cisco...

8.6 CVSS · 9 AI score · 0.01894 EPSS
Exploits 0 · References 6
BDU FSTEC
added 2021/01/14 12:00 a.m. · 3 views

The vulnerability of the UDP service in D-Link DSL-2640B router software allows a hacker to gain access to administrative account information.

The vulnerability of the UDP CFM software-based router D-Link DSL-2640B lies in the insufficient protection of registration data. Exploiting this vulnerability allows a malicious actor to gain access to administrative credentials remotely...

10 CVSS · 7.7 AI score · 0.01702 EPSS
Exploits 1 · References 3
Positive Technologies
added 2021/01/09 12:00 a.m. · 6 views

PT-2021-7683 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A remote denial of service issue was found in the Linux kernel's TIPC kernel module. The tipc_link_xmit function hits an unknown state while attempting to parse SKBs that are not in th...

9.8 CVSS · 7.3 AI score · 0.93838 EPSS
Exploits 105 · References 698
The Hacker News
added 2020/12/25 6:22 a.m. · 1 views

Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks

Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets. "An attacker or bots can overwhe...

6 AI score
Exploits 0
OSV
added 2020/11/17 2:15 a.m. · 0 views

UBUNTU-CVE-2020-25705

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization is indirectly affected as well on the Linux Bas...

7.4 CVSS · 6.9 AI score · 0.06692 EPSS
Exploits 1 · References 8
OSV
added 2020/10/13 8:15 p.m. · 1 views

DEBIAN-CVE-2020-25645

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The...

7.5 CVSS · 6.1 AI score · 0.02404 EPSS
Exploits 1 · References 1
OSV
added 2020/09/25 4:23 a.m. · 2 views

CVE-2020-11805

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN...

9.8 CVSS · 7.3 AI score
Exploits 0 · References 1
CNVD
added 2020/08/10 12:00 a.m. · 1 views

Lindy 42633 Elevation of Privilege Vulnerability

The Lindy 42633 is a 4-port USB 2.0 Gigabit network server. An elevation of privilege vulnerability exists in the Lindy 42633 2.078.000. The vulnerability stems from the ability to discover the administrative password by sniffing unencrypted UDP traffic. An attacker on the same network could use...

8.8 CVSS · 7.3 AI score · 0.0032 EPSS
Exploits 0 · References 1
OSV
added 2020/08/07 10:15 p.m. · 4 views

CVE-2020-15062

DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic...

8.8 CVSS · 5.8 AI score
Exploits 0 · References 1
ATTACKERKB
added 2020/08/07 10:15 p.m. · 2 views

CVE-2020-15054

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic...

8.8 CVSS · 8.2 AI score · 0.0032 EPSS
Exploits 0 · References 3
BDU FSTEC
added 2020/07/21 12:00 a.m. · 1 views

The vulnerability of the software-defined Cisco SD-WAN, related to errors in checking certain fields of protocol messages encapsulated in UDP packets, allows an attacker to cause service failure.

The vulnerability of the software-defined Cisco SD-WAN involves errors during the verification of certain fields in the protocol messages encapsulated in UDP packets. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

8.6 CVSS · 7.6 AI score · 0.01374 EPSS
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2020/06/28 12:00 a.m. · 3 views

Tenda PA6 Wi-Fi Powerline extender denial of service vulnerability

Tenda PA6 Wi-Fi Powerline extender is a wireless network range extender from Tenda China. A security vulnerability exists in the 'homeplugd' process in the Tenda PA6 Wi-Fi Powerline extender version 1.0.1.21. An attacker can exploit the vulnerability by sending specially crafted UDP packets to...

7.8 CVSS · 7 AI score · 0.01118 EPSS
Exploits 1 · References 1
CNVD
added 2020/06/17 12:00 a.m. · 2 views

Treck IPv4/UDP stack mishandling vulnerability

Treck TCP/IP is a TCP/IP (Transmission Control Protocol/Internet Protocol) suite from Treck, Inc. dedicated to embedded systems. A security vulnerability exists in the Treck IPv4/UDP stack that stems from the program's failure to properly handle differences in the length paramete...

10 CVSS · 7 AI score · 0.36965 EPSS
Exploits 3 · References 1
RedHat Linux
added 2020/06/15 4:08 p.m. · 3 views

artemis/hornetq: memory exhaustion via UDP and JGroups discovery

It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery, a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError...

7.8 CVSS · 5.8 AI score · 0.05966 EPSS
Exploits 0 · References 4
RedHat Linux
added 2020/06/12 1:15 p.m. · 2 views

net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...

7.5 CVSS · 7.3 AI score · 0.04298 EPSS
Exploits 1 · References 4
BDU FSTEC
added 2020/06/03 12:00 a.m. · 2 views

The vulnerability of the Simatic programmable logic controller’s software, related to resource exhaustion, allows an intruder to trigger a service failure.

The vulnerability of the Simatic programmable logic controller’s software is related to the exhaustion of resources. Exploiting this vulnerability allows a malicious actor to cause service failures by sending specially crafted UDP packets...

7.8 CVSS · 7.2 AI score · 0.01636 EPSS
Exploits 0 · References 4 · Affected Software 3
BDU FSTEC
added 2020/05/29 12:00 a.m. · 4 views

The vulnerabilities of SIPROTEC relay protection devices stem from insufficient validation of input data, allowing attackers to trigger malfunctions in the service.

The vulnerability of SIPROTEC relay protection devices is related to insufficient verification of input data. Exploiting this vulnerability can allow attackers to trigger a service failure using specially created packets sent to port 50000/UDP...

7.5 CVSS · 7.2 AI score · 0.01552 EPSS
Exploits 0 · References 2
CNVD
added 2020/05/22 12:00 a.m. · 2 views

Multiple Mitsubishi Electric Products Resource Management Error Vulnerability

The Mitsubishi Electric MELSEC iQ-R series is a programmable logic controller from Mitsubishi Electric. A resource management error vulnerability exists in several Mitsubishi Electric products. An attacker could cause a denial of service by sending a large amount of data to the MELSOFT transport po...

7.5 CVSS · 6.7 AI score · 0.01331 EPSS
Exploits 0
OSV
added 2020/05/18 12:15 a.m. · 3 views

UBUNTU-CVE-2019-20797

An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer overflow in client and server code responsible for handling received UDP packets, as demonstrated by I_SendPacket or I_SendPacketTo in i_network.c...

7.5 CVSS · 6.2 AI score · 0.02692 EPSS
Exploits 1 · References 5
RedHat Linux
added 2020/04/28 3:41 p.m. · 2 views

kernel: The flow_dissector feature allows device tracking

A device tracking vulnerability was found in the flow_dissector feature in the Linux kernel. This flaw occurs because the auto flowlabel of the UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and jhash instead of siphash is used. The hashrnd value remains the same starting from boot ti...

5.3 CVSS · 7 AI score · 0.02605 EPSS
Exploits 0 · References 4