123 matches found
Authentication flaw
TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet...
CVE-2020-5547
Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet...
CVE-2020-5547
CVE-2020-5547 applies to Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware (versions 1.0.7 and earlier). The issue is a Resource Management Error in the TCP function of the device, which can allow remote attackers to stop network functions or install malware via specially crafted packets....
CVE-2020-5545
TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet...
CVE-2020-5543
TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet...
CVE-2020-5544
Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet...
CVE-2020-5542
Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet...
The vulnerability of Cisco Enterprise NFV Infrastructure Software (NFVIS) arises from insufficient validation of input data, allowing attackers to disclose sensitive information that should be protected.
The vulnerability of Cisco Enterprise NFV Infrastructure Software (NFVIS) exists due to insufficient testing of input data. Exploiting this vulnerability could allow an attacker to disclose protected information...
CVE-2019-1984 Cisco Enterprise Network Functions Virtualization Infrastructure Software Arbitrary File Write Vulnerability
A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input...
Critical Flaw in Cisco Elastic Services Controller Allows Full System Takeover
A critical vulnerability in the Cisco Elastic Services Controller could allow an unauthenticated, remote attacker to take full control of impacted systems – merely by sending a crafted request. Cisco Elastic Services Controller is a virtual network functions manager, which enables businesses to...
Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability
Cisco Enterprise NFV Infrastructure Software (NFVIS) is a suite of NFV infrastructure software platforms from Cisco. The platform provides full lifecycle management of virtualization services through a central coordinator and controller. A cross-site request forgery vulnerabilit...
CVE-2017-7401
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3508)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3508 advisory. - KEYS: Fix short sprintf buffer in /proc/keys show function David Howells Orabug: 25306361 CVE-2016-7042 - tcp: fix use after free in...
Cybozu Office vulnerable to open redirect
Overview Cybozu Office contains an open redirect vulnerability in network functions. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest...
JVN#71428831: Cybozu Office vulnerable to open redirect
Cybozu Office contains an open redirect vulnerability in network functions. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest version...
Flexible DDoS Defense: Bohatei
DDoS defense today relies on expensive and proprietary hardware appliances deployed at fixed locations. This introduces key limitations with respect to flexibility (e.g., complex routing to get traffic to these “chokepoints”) and elasticity in handling changing attack patterns. We observe an...
JVN#68773685: AQUOS PhotoPlayer HN-PP150 vulnerable to denial-of-service (DoS)
AQUOS PhotoPlayer HN-PP150 contains an issue in the processing of packets, which may lead to a denial-of-service (DoS). Impact Network functions may be disabled by a remote attacker. Solution Update the Firmware Update to the latest version of firmware according to the information provided by the...
Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1083-1)
Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this to gain root privileges. CVE-2010-3904 Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service...
NetBSD network functions buffer overflow
Buffer overflow on oversized argument in getservbyname and getservbyport...
USN-1074-1: Linux kernel vulnerabilities
Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a denial of service. CVE-2009-4895 Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. A local attacker could overwrite append-only...