Yi Home Camera Denial of Service Vulnerability (CNVD-2018-22815)

Yi Home Camera is an IoT home camera sold worldwide. A denial of service vulnerability exists in the UDP networking functionality of Yi Home Camera 27US 1.8.7.0D. An attacker can exploit the vulnerability by sending a specially crafted set of UDP packets to cause a denial of service...

Yi Home Camera Authentication Bypass Vulnerability

Yi Home Camera is an IoT home camera sold worldwide. An authentication bypass vulnerability exists in the firmware update feature of the Yi Home Camera 27US 1.8.7.0D. An attacker can exploit the vulnerability by sniffing network traffic and sending a specially crafted set of UDP packets resulting...

CVE-2018-3935

An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability...

CVE-2018-3934

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger...

PT-2018-16327 · Yi · Yi Home Camera

Name of the Vulnerable Software and Affected Versions: Yi Home Camera 27US version 1.8.7.0D Description: An exploitable code execution issue exists in the UDP network functionality. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker c...

PT-2018-16326 · Yi · Yi Home Camera

Name of the Vulnerable Software and Affected Versions: Yi Home Camera version 1.8.7.0D Description: An exploitable code execution issue exists in the firmware update functionality. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker ca...

kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash

A null pointer dereference in dccpwritexmit function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls...

DEBIAN-CVE-2018-18066

snmpoidcompare in snmplib/snmpapi.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...

Insteon Hub Denial of Service Vulnerability (CNVD-2018-16874)

The Insteon Hub is an Insteon central controller product from Insteon USA. This product can remotely control light bulbs, wall switches, air conditioners and more in your home. A denial of service vulnerability exists in the Insteon Hub using firmware version 1012. An attacker can exploit this...

CVE-2017-16348

An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability...

PT-2018-6277 · Insteon · Insteon Hub

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: A denial of service issue exists due to leftover demo functionality, allowing an attacker to reboot the device without authentication by sending a UDP packet. Recommendations: For version 1012, consider...

memcached: UDP server support allows spoofed traffic amplification DoS

It was discovered that the memcached connections using UDP transport protocol can be abused for efficient traffic amplification distributed denial of service DDoS attacks. A remote attacker could send a malicious UDP request using a spoofed source IP address of a target system to memcached, causi...

CVE-2017-2634

It was found that the Linux kernel's Datagram Congestion Control Protocol DCCP implementation before 2.6.22.17 used the IPv4-only inetskrebuildheader function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the syst...

CVE-2017-2634

It was found that the Linux kernel's Datagram Congestion Control Protocol DCCP implementation before 2.6.22.17 used the IPv4-only inetskrebuildheader function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the syst...

UBUNTU-CVE-2017-2634

It was found that the Linux kernel's Datagram Congestion Control Protocol DCCP implementation before 2.6.22.17 used the IPv4-only inetskrebuildheader function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the syst...

CVE-2017-2634

It was found that the Linux kernel's Datagram Congestion Control Protocol DCCP implementation before 2.6.22.17 used the IPv4-only inetskrebuildheader function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the syst...

CVE-2018-0031

Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a...

memcached: UDP server support allows spoofed traffic amplification DoS

It was discovered that the memcached connections using UDP transport protocol can be abused for efficient traffic amplification distributed denial of service DDoS attacks. A remote attacker could send a malicious UDP request using a spoofed source IP address of a target system to memcached, causi...

USN-3677-2 linux-hwe, linux-gcp, linux-oem vulnerabilities

USN-3677-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate...

Ubuntu: Security Advisory (USN-3677-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...