Lucene search
K

89 matches found

CNNVD
CNNVD
added 2021/12/25 12:0 a.m.5 views

Netgear NETGEAR 缓冲区错误漏洞

Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR MediaTek microchips, which originates from an error in the handling of the IEEE 1905 protocol...

8.2CVSS7.3AI score0.01118EPSS
Exploits0References3
Talos
Talos
added 2021/10/11 12:0 a.m.47 views

Anker Eufy Homebase 2 pushMuxer processRtspInfo heap buffer overflow vulnerability

Talos Vulnerability Report TALOS-2021-1369 Anker Eufy Homebase 2 pushMuxer processRtspInfo heap buffer overflow vulnerability October 11, 2021 CVE Number CVE-2021-21940 SUMMARY A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase ...

10CVSS9.5AI score0.01292EPSS
Exploits1
CNVD
CNVD
added 2021/08/12 12:0 a.m.20 views

NETGEAR Multiple Products Command Injection Vulnerability

Netgear NETGEAR is a router from Netgear, Inc. A hardware device that connects two or more networks and acts as a gateway between networks. Several NETGEAR devices have a security vulnerability that stems from the product's failure to filter special characters in user input data, which could allo...

6.5CVSS3.9AI score0.00871EPSS
Exploits0Affected Software5
CNVD
CNVD
added 2021/08/06 12:0 a.m.37 views

Multiple Vulnerabilities in Cisco Small Business RV340 and Cisco Small Business

The Cisco Small Business RV340 and the Cisco Small Business are both products of Cisco, Inc.The Cisco Small Business RV340 is a router. Cisco Small Business RV340 is a router, a hardware device that connects two or more networks and acts as a gateway between networks.Cisco Small Business is a...

10CVSS9.8AI score0.09691EPSS
Exploits0References1
Prion
Prion
added 2021/04/22 8:15 p.m.19 views

Command injection

When a MX Series is configured as a Broadband Network Gateway BNG based on Layer 2 Tunneling Protocol L2TP, executing certain CLI command may cause the system to run out of disk space, excessive disk usage may cause other complications. An administrator can use the following CLI command to monito...

2.1CVSS5.6AI score0.00232EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2020/11/20 12:0 a.m.1 views

Command Execution Vulnerability in Vigor2960

Vigor2960 is a load balancing router and VPN gateway appliance from DrayTek Taiwan, China. The Vigor2960 suffers from a command execution vulnerability that can be exploited by an attacker to gain control of a server...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/02 12:8 p.m.4 views

New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service

A new research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site or a legitimate site loaded with malicious ads...

6AI score
Exploits0
NVD
NVD
added 2020/10/14 7:15 p.m.15 views

CVE-2020-3483

Duo has identified and fixed an issue with the Duo Network Gateway DNG product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG...

7.1CVSS0.00144EPSS
Exploits0References1
OSV
OSV
added 2020/10/14 7:15 p.m.4 views

CVE-2020-3483

Duo has identified and fixed an issue with the Duo Network Gateway DNG product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG...

6.3CVSS6.6AI score0.00144EPSS
Exploits0References1
Prion
Prion
added 2020/10/14 7:15 p.m.13 views

Code injection

Duo has identified and fixed an issue with the Duo Network Gateway DNG product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG...

3.3CVSS6.1AI score0.00144EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2020/10/14 6:15 p.m.11 views

CVE-2020-3483 Duo Network Gateway (DNG) Information Disclosure Vulnerability

Duo has identified and fixed an issue with the Duo Network Gateway DNG product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG...

7.1CVSS6.4AI score0.00144EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/10/14 6:15 p.m.20 views

CVE-2020-3483 Duo Network Gateway (DNG) Information Disclosure Vulnerability

Duo has identified and fixed an issue with the Duo Network Gateway DNG product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG...

7.1CVSS6.8AI score0.00144EPSS
Exploits0References1
CVE
CVE
added 2020/10/14 6:15 p.m.49 views

CVE-2020-3483

CVE-2020-3483 affects Duo Network Gateway (DNG). Root cause: certificate and private key values uploaded for DNG-protected applications were logged in plain-text due to incomplete exclusion in the logging logic. Affected versions: 1.3.3 through 1.5.7. Impact: if attackers gained access to DNG log...

7.1CVSS6.2AI score0.00144EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2020/07/21 12:0 a.m.2 views

Cisco DuoConnect Authentication Vulnerability

Cisco DuoConnect is a two-factor authentication solution from Cisco USA. A security vulnerability exists in Cisco DuoConnect versions prior to 1.1.1, which stems from the fact that when DuoConnect is configured as 'http://', under certain circumstances, the program sends authentication tokens ove...

5.7CVSS7.1AI score0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/04/09 11:9 p.m.20 views

CVE-2020-1633 Junos OS: MX Series: Crafted packets traversing a Broadband Network Gateway (BNG) configured with IPv6 NDP proxy could lead to Denial of Service

Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway BNG and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded,...

7.4CVSS7.4AI score0.00509EPSS
Exploits0References1
OSV
OSV
added 2020/02/28 7:15 p.m.2 views

CVE-2020-1875

NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system access an invalid pointer when an abnormal condition occurs in certain operation. Successful exploit could cause certain proce...

5.5CVSS6.1AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2020/02/20 10:15 p.m.3 views

CVE-2019-16298

An issue was discovered in Open Network Operating System ONOS 1.14. In the virtual broadband network gateway application org.onosproject.virtualbng, the host event listener does not handle the following event types: HOSTMOVED, HOSTREMOVED, HOSTUPDATED. In combination with other applications, this...

7.5CVSS7.1AI score0.01673EPSS
Exploits0References1
Prion
Prion
added 2020/02/20 10:15 p.m.16 views

Design/Logic Flaw

An issue was discovered in Open Network Operating System ONOS 1.14. In the virtual broadband network gateway application org.onosproject.virtualbng, the host event listener does not handle the following event types: HOSTMOVED, HOSTREMOVED, HOSTUPDATED. In combination with other applications, this...

5CVSS7.7AI score0.01673EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/02/20 9:39 p.m.18 views

CVE-2019-16298

An issue was discovered in Open Network Operating System ONOS 1.14. In the virtual broadband network gateway application org.onosproject.virtualbng, the host event listener does not handle the following event types: HOSTMOVED, HOSTREMOVED, HOSTUPDATED. In combination with other applications, this...

7.7AI score0.01673EPSS
Exploits0References1
CVE
CVE
added 2020/02/20 9:39 p.m.89 views

CVE-2019-16298

ONOS 1.14 contains a bug in the Virtual BNG app’s host event listener (org.onosproject.virtualbng) where HOST_MOVED, HOST_REMOVED, and HOST_UPDATED events are not handled. In combination with other applications, this could lead to the absence of intended code execution. The vulnerability is docum...

7.5CVSS7.6AI score0.01673EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder