Lucene search
K

1170 matches found

Cvelist
Cvelist
added 2025/01/14 12:0 a.m.23 views

CVE-2025-23018

IPv4-in-IPv6 and IPv6-in-IPv6 tunneling RFC 2473 do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136...

5.4CVSS0.0101EPSS
Exploits0References3
CVE
CVE
added 2025/01/14 12:0 a.m.93 views

CVE-2025-23018

CVE-2025-23018 covers the IPv4-in-IPv6 tunneling case where RFC 2473 traffic can be accepted without validating the packet source. The result is spoofing and potential to route arbitrary traffic via an exposed network interface. Connected sources corroborate a lack of source verification for cert...

6.5CVSS7.2AI score0.0101EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.3 views

Magma 安全漏洞

Magma is an open source software platform from Magma Open Source. An open, flexible and scalable mobile core network solution for network operators. A security vulnerability exists in Magma version v1.8.0, which stems from a reachable assertion in a function that allows an attacker to trigger a...

7.5CVSS8.8AI score0.00489EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/11/12 9:11 a.m.4 views

kernel: Linux kernel: Denial of Service due to incorrect network packet processing in NSH module

A flaw was found in the Linux kernel, specifically within its Network Service Header NSH module. A local attacker could exploit this vulnerability by sending specially crafted network packets, which would cause the system to crash. This issue, a type of Denial of Service DoS, arises from an...

5.8AI score0.00184EPSS
Exploits0References5
NVD
NVD
added 2024/11/06 11:15 p.m.16 views

CVE-2024-51409

Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a remote attacker to cause a denial of service via a network packet in a fixed format to a router running the corresponding version of the firmware...

6.5CVSS0.0041EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/06 12:0 a.m.2 views

PT-2024-34623 · Tenda · Tenda O3

Name of the Vulnerable Software and Affected Versions: Tenda O3 version 1.0.0.5 Description: The issue is a Buffer Overflow that allows a remote attacker to cause a denial of service via a network packet in a fixed format to a router running the corresponding version of the firmware. This flaw ca...

6.5CVSS7.1AI score0.0041EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/11/06 12:0 a.m.3 views

Tenda O3 安全漏洞

Tenda O3 is an outdoor wireless bridge from Tenda, China. The Tenda O3 suffers from a buffer overflow vulnerability that originates from a boundary error when the application processes untrusted input. A remote attacker could use this vulnerability to cause a denial of service via a fixed-format...

6.5CVSS7.3AI score0.0041EPSS
Exploits1References2
CVE
CVE
added 2024/11/06 12:0 a.m.63 views

CVE-2024-51409

Affected product: Tenda O3 router (firmware 1.0.0.5). The issue is a Buffer Overflow in processing untrusted input from a fixed-format network packet, leading to remote DoS. Root cause is a boundary/overflow condition in input handling. Exploitation details are not fully provided in the documents...

6.5CVSS7AI score0.0041EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/11/06 12:0 a.m.25 views

CVE-2024-51409

Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a remote attacker to cause a denial of service via a network packet in a fixed format to a router running the corresponding version of the firmware...

0.0041EPSS
Exploits1References1
OSV
OSV
added 2024/10/21 8:15 p.m.2 views

UBUNTU-CVE-2022-48964

In the Linux kernel, the following vulnerability has been resolved: ravb: Fix potential use-after-free in ravbrxgbeth The skb is delivered to napigroreceive which may free it, after calling this, dereferencing skb may trigger use-after-free...

7.8CVSS5.7AI score0.00227EPSS
Exploits0References5
OSV
OSV
added 2024/10/10 6:12 p.m.5 views

CLSA-2024-1728583928 Fix of 18 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-46802 - drm/amd/display: added NULL check at start of dcvalidatestream CVE-url: https://ubuntu.com/security/CVE-2024-46818 - drm/amd/display: fix sporadic multiple aux transaction failure - drm/amd/display: Check gpioid before used as array index...

7.8CVSS6.8AI score0.00299EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/09/28 2:51 a.m.1 views

SUSE CVE-2024-46854

In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETHZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETHZLEN, ensuring nothing is leaked in the padding...

6.5CVSS6.3AI score0.00235EPSS
Exploits0References21
CVE
CVE
added 2024/09/17 5:13 p.m.303 views

CVE-2024-38813

CVE-2024-38813 : Privilege-escalation in VMware vCenter Server. A remote attacker with network access could trigger a flaw by sending a specially crafted packet to escalate to root. NVD lists CVSS v3.1 base score 9.8 (CRITICAL) with network access, no user interaction. Related documents also desc...

9.8CVSS8.9AI score0.16676EPSS
In wildExploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/09/17 12:0 a.m.45 views

CVE-2024-38813

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

9.8CVSS7.4AI score0.16676EPSS
In wildExploits0References2
BDU FSTEC
BDU FSTEC
added 2024/08/30 12:0 a.m.5 views

The vulnerability of IBM QRadar Network Packet Capture in capturing network traffic lies in the lack of data encryption measures, which allows attackers to disclose protected information.

The vulnerability of IBM QRadar Network Packet Capture relates to the lack of measures for data encryption. Exploiting this vulnerability could allow a malicious actor to disclose protected information by executing a “man-in-the-middle” attack...

5.9CVSS5.4AI score0.00303EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/08/15 5:15 p.m.12 views

CVE-2024-31905

IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...

5.9CVSS0.00303EPSS
Exploits0References1
OSV
OSV
added 2024/08/15 5:15 p.m.1 views

CVE-2024-31905

IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...

5.9CVSS5.8AI score0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/15 4:56 p.m.13 views

CVE-2024-31905 IBM QRadar Network Packet Capture information disclosure

IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...

5.9CVSS6AI score0.00303EPSS
Exploits0References1
CVE
CVE
added 2024/08/15 4:56 p.m.59 views

CVE-2024-31905

IBM QRadar Network Packet Capture 7.5 is affected by CVE-2024-31905 due to failure to properly enable HTTP Strict Transport Security, enabling man-in-the-middle–style access to sensitive information. The issue is network-exploitable (AV:N, AC:H, PR:N, UI:N, S:U) with confidentiality impact HIGH a...

5.9CVSS6AI score0.00303EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/08/15 4:56 p.m.19 views

CVE-2024-31905 IBM QRadar Network Packet Capture information disclosure

IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...

5.9CVSS0.00303EPSS
Exploits0References1
Rows per page
Query Builder