1883 matches found
AZL-33962 CVE-2024-23849 affecting package kernel for versions less than 5.15.153.1-1
In rdsrecvtracklatency in net/rds/afrds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDSMSGRXDGRAMTRACEMAX comparison, resulting in out-of-bounds access...
UBUNTU-CVE-2023-39197
An out-of-bounds read vulnerability was found in Netfilter Connection Tracking conntrack in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol...
PT-2024-3791 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a function in the Linux kernel's implementation of the Reliable Datagram Sockets RDS protocol. It involves reading memory beyond the allocated buffer, potential...
PT-2024-1292
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 6.7.1 Description The issue is related to an off-by-one error in the rds recv track latency function in the Linux kernel, specifically in the net/rds/af rds.c file. This error occurs during an RDS MSG RX DGRAM TRA...
Contiki-NG Security Vulnerability
Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. A security vulnerability exists in Contiki-NG tinyDTLS version 2018-08-30 and earlier versions, which stems from the DTLS server incorrectly handling the early use of large epoch numbe...
Medium: net-snmp
Issue Overview: handleipv6IpForwarding in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVE-2022-44793 Affected...
FreeSWITCH 1.10.10 Denial Of Service Vulnerability
When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. FreeSWITCH...
OESA-2023-1941 erlang security update
Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, a...
GHSA-6GGR-CWV4-G7QG Remotely exploitable denial of service in Rosenpass
Affected versions of this crate did not validate the size of buffers when attempting to decode messages. This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network. This flaw was corrected by validating the size of the buffers before attempting to deco...
Remotely exploitable denial of service in Rosenpass
Affected versions of this crate did not validate the size of buffers when attempting to decode messages. This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network. This flaw was corrected by validating the size of the buffers before attempting to deco...
The vulnerability of the implementations of DTLS (Datagram Transport Layer Security) and SRTP protocols in Asterisk IP-telephony management systems and Certified Asterisk allows a attacker to induce a service failure.
The vulnerability of DTLS and SRTP protocols for Asterisk IP-telephony systems and Certified Asterisk arises from the behavior of the message processing mechanism during ClientHello messages. Exploiting this vulnerability allows a malicious actor to cause service failures...
RTPEngine mr11.5.1.6 Denial Of Service
RTPEngine susceptible to Denial of Service via DTLS Hello packets during call initiation - Fixed versions: mr12.1.1.2, mr12.0.1.3, mr11.5.1.16, mr10.5.6.3, mr10.5.6.2 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2023-03-rtpengine-dtls-hello-race - Vendor...
DEBIAN-CVE-2023-49786
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when...
UBUNTU-CVE-2023-49786
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when...
CVE-2023-47279
In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying...
CVE-2023-39226
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet...
Delta Electronics InfraSuite Device Master Security Vulnerability
Delta Electronics InfraSuite Device Master is a device used to simplify and automate the monitoring of critical equipment from Delta Electronics Taiwan, China. A security vulnerability exists in Delta Electronics InfraSuite Device Master v.1.0.7 and prior versions that originated from a...
PT-2023-7416 · Delta Electronics · Infrasuite Device Master
Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master version 1.0.7 Description: The issue is related to the use of dangerous methods or functions in the software, allowing a remote attacker to execute arbitrary code by sending a specially crafted UDP...
CVE-2023-40151
When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled UDR-A any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP t...
CVE-2023-43503
A vulnerability has been identified in COMOS All versions V10.4.4. Caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP...