1171 matches found
CVE-2024-31905
IBM QRadar Network Packet Capture 7.5 is affected by CVE-2024-31905 due to failure to properly enable HTTP Strict Transport Security, enabling man-in-the-middle–style access to sensitive information. The issue is network-exploitable (AV:N, AC:H, PR:N, UI:N, S:U) with confidentiality impact HIGH a...
Unspecified Vulnerability in Wireshark (CNVD-2024-39128)
Wireshark formerly Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark has a security vulnerability that stems from allowing a remote attacker to cause a...
CVE-2024-27823
A race condition was addressed with improved locking. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.3, watchOS 10.5. An attacker in a privileged network position may be able to...
How to Enable Promiscuous Mode on a Physical Network Card
This article describes how to enable promiscuous mode on a physical Network Interface Card NIC.In a network, promiscuous mode allows a network device to intercept and read each network packet that arrives in its entirety. This mode of operation is sometimes given to a network snoop server that...
AZL-68252 CVE-2024-40999 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: net: ena: Add validation for completion descriptors consistency Validate that first flag is set only for the first descriptor in multi-buffer packets. In case of an invalid descriptor, a reset will occur. A new reset reason for R...
CVE-2024-39490 ipv6: sr: fix missing sk_buff release in seg6_input_core
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix missing skbuff release in seg6inputcore The seg6input function is responsible for adding the SRH into a packet, delegating the operation to the seg6inputcore. This function uses the skbcowhead to ensure that there i...
CVE-2024-32937
An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this...
CVE-2024-32937
Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection (CVE-2024-32937) affects GXP2135 devices (firmware 1.0.9.129, 1.0.11.74, 1.0.11.79). The vulnerability stems from an unfiltered TimeZone parameter processed in the CWMP handler (set_selfdefinedtimezone_value) which builds and execu...
CVE-2024-32937
An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this...
CVE-2024-32937
An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this...
The vulnerability of the implementation of the Link Layer Topology Discovery Protocol (LLTD) in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Link Layer Topology Discovery Protocol LLTD implementation in Windows operating systems is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted network packet...
The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure VMware vCenter Server allows a perpetrator to execute arbitrary code.
The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure, VMware vCenter Server, arises due to a buffer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted network packet remotely...
The vulnerability of the Wi-Fi driver for Windows operating systems, allowing a hacker to execute arbitrary code
The vulnerability of Wi-Fi operating system Windows drivers is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted network packet...
iptables bug fix update
An update is available for iptables. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The iptables utility controls the network packet filtering code in the Linux...
Unspecified Vulnerability in Wireshark (CNVD-2024-39130)
Wireshark formerly Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark has a security vulnerability. An attacker could exploit the vulnerability to cause a...
Unspecified Vulnerability in Wireshark (CNVD-2024-39129)
Wireshark formerly Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark has a security vulnerability. An attacker could exploit the vulnerability to cause a...
CVE-2024-24963
A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this...
CVE-2024-24962
A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this...
CVE-2024-24963
A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this...
CVE-2024-24962
A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this...