GHSA-P72G-CGH9-GHJG Failing DTLS handshakes may cause throttling to block processing of records

Impact Failing handshakes didn't cleanup counters for throttling. In consequence the threshold may get reached and will not be released again. The results in permanently dropping records. The issues was reported for certificate based handshakes, but it can't be excluded, that this happens also fo...

DEBIAN-CVE-2022-44792

handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...

Net-SNMP 代码问题漏洞

Net-SNMP is an open source Simple Network Management Protocol SNMP software. The software is used to monitor network devices, computer devices, UPS devices, and so on. A security vulnerability exists in Net-SNMP versions 5.8 through 5.9.3, which originates from a NULL pointer exception error in...

PT-2022-7452

Name of the Vulnerable Software and Affected Versions Net-SNMP versions 5.4.3 through 5.9.3 Description The issue is related to a NULL Pointer Exception bug in the handle ipv6IpForwarding function. This bug can be exploited by a remote attacker using a specially crafted UDP packet, resulting in a...

PT-2022-7451

Name of the Vulnerable Software and Affected Versions Net-SNMP versions 5.8 through 5.9.3 Description The issue is related to a NULL Pointer Exception bug in the handle ipDefaultTTL function. This bug can be exploited by a remote attacker with write access to cause the instance to crash via a...

Vulnerability fixed in BVMS Operator Client

Bosch has fixed a vulnerability in the Bosch Video Management System BVMS. When using cameras of type CPP13 and/or CPP14.x, a malicious party can access gain access to the video stream through a Man-in-the-middle attack. The vulnerability is in the encryption of the UDP traffic, which fails under...

CVE-2022-20848

A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to the improper processing of...

PT-2022-21357 · Bosch · Videojet Decoder Vjd-7513 +1

Name of the Vulnerable Software and Affected Versions: BVMS versions 10.1.1 through 11.1.0 VIDEOJET Decoder VJD-7513 versions 10.23 through 10.30 Description: The issue allows a man-in-the-middle attacker to compromise confidential video streams. This is applicable when the target system contains...

CVE-2022-3354

A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and ma...

PT-2022-6347 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points affected versions not specified Description: A vulnerability in the UDP processing functionality could allow an unauthenticated, remote attacker to...

Open5GS 安全漏洞

Open5GS is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a denial of service vulnerability that stems from a problem with unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler, which can be...

Cisco Catalyst 资源管理错误漏洞

Cisco Catalyst is a family of switches from Cisco USA. The Cisco Catalyst 9100 is vulnerable to a resource management error vulnerability that stems from improper handling of UDP datagrams. A remote attacker could exploit this vulnerability to perform a Denial of Service DoS attack...

DEBIAN-CVE-2022-37026

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS...

UBUNTU-CVE-2022-37026

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS...

The vulnerability of the udp6_input() function in the TCP-IP emulator library Libslirp, which allows a hacker to gain unauthorized access to protected information

The vulnerability in the implementation of the udp6input function of the TCP-IP emulator Libslirp is related to the use of an uninitialized pointer when processing UDP packets with a smaller size compared to the udphdr structure. Exploiting this vulnerability could allow an attacker to gain...

Ericsson Erlang 授权问题漏洞

Ericsson Erlang is a general-purpose concurrency-oriented programming language from Ericsson, Sweden. A security vulnerability exists in Erlang versions prior to 23.3.4.15, 24.x up to 24.3.4.2, and 25.x up to 25.0.2, which stems from bypassing client authentication in certain client-side...

CVE-2022-34747

A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21AAZF.12C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet...

Zyxel NAS326 格式化字符串错误漏洞

The Zyxel NAS326 is a cloud storage NAS from China's Heqin Technology Zyxel. A security vulnerability exists in Zyxel NAS326 firmware prior to V5.21 AAZF.12 C0, which stems from a vulnerability that allows an attacker to achieve unauthorized remote code execution via a crafted UDP packet exploiti...

PT-2022-4660 · Zyxel · Zyxel Nas326 +2

Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 firmware versions prior to V5.21AAZF.12C0 Zyxel NAS540 firmware versions prior to V5.21AAZF.12C0 Zyxel NAS542 firmware versions prior to V5.21AAZF.12C0 Description: A format string vulnerability could allow an attacker to achieve...

Contiki-NG 缓冲区错误漏洞

Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. A buffer error vulnerability exists in Contiki-NG versions prior to 4.8, which stems from not checking if the packet buffer is large enough to fit into the full UDP header structure...