205 matches found
CVE-2020-17438
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafti...
CVE-2020-17438
CVE-2020-17438 affects uIP 1.0 (used in Contiki 3.0 and other products). The IP reassembly code fails to validate the total packet length and fragmentation offset, enabling crafted IP headers to write past the static buffer into the .bss area, causing a denial of service in uip_reass() and potent...
CVE-2020-17529
Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX incubating versions up to and including 9.1.0 and 10.0.0 allows an attacker to corrupt memory by supplying an invalid fragmentation offset value specified in the IP header. This only impacts builds with both CONFIGEXPERIMENTAL and...
CVE-2020-17529
Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX incubating versions up to and including 9.1.0 and 10.0.0 allows an attacker to corrupt memory by supplying an invalid fragmentation offset value specified in the IP header. This only impacts builds with both CONFIGEXPERIMENTAL and...
Cross site scripting
Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX incubating versions up to and including 9.1.0 and 10.0.0 allows an attacker to corrupt memory by supplying an invalid fragmentation offset value specified in the IP header. This only impacts builds with both CONFIGEXPERIMENTAL and...
CVE-2020-17438
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafti...
Fedora 31 : tcpreplay (2020-256ac53cc7)
This release contains bug fixes only which includes security fixes : - Increase cache buffers size to accommodate VLAN edits 594 - Correct L2 header length to correct IP header offset 583 - Fix warnings from gcc version 10 580 - Heap Buffer Overflow in randomizeiparp 579 - Use after free in...
Fedora 32 : tcpreplay (2020-f47830961a)
This release contains bug fixes only which includes security fixes : - Increase cache buffers size to accommodate VLAN edits 594 - Correct L2 header length to correct IP header offset 583 - Fix warnings from gcc version 10 580 - Heap Buffer Overflow in randomizeiparp 579 - Use after free in...
zeek -- Various vulnerabilities
Jon Siwek of Corelight reports: This release fixes the following security issues: Fix potential stack overflow in NVT analyzer; Fix NVT analyzer memory leak from multiple telnet authn name options; Fix multiple content-transfer-encoding headers causing a memory leak; Fix potential leak of Analyzers...
CVE-2019-11829
OS command injection vulnerability in driverssynoimportuser.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header...
Command injection
OS command injection vulnerability in driverssynoimportuser.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header...
CVE-2019-11829
OS command injection vulnerability in driverssynoimportuser.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header...
Buffer Over-Read
QEMU is vulnerable to buffer over-read attacks. This occurs in the vmxnettxpktparseheaders function in hw/net/vmxnettxpkt.c, which allows local guest OS administrators to cause a denial of service by leveraging a failure to check the IP header length, resulting in an application crash...
CVE-2018-19510
subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header...
Sql injection
subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header...
CVE-2018-16601
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly...
CVE-2018-16601
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly...
CVE-2018-16601
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly...
Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3797-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3797-2 advisory. USN-3797-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3797-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3797-1 advisory. Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to...