Lucene search
K

10 matches found

Prion
Prion
added 2023/10/10 5:15 p.m.19 views

Code injection

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ISNs for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...

5CVSS7.9AI score0.00973EPSS
Exploits1References4Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:54 a.m.5 views

SUSE CVE-2020-25108

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked it can be set to an arbitrary value from a packet. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...

9.8CVSS9.3AI score0.52259EPSS
Exploits0References3
NVD
NVD
added 2020/12/11 11:15 p.m.8 views

CVE-2020-25108

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked it can be set to an arbitrary value from a packet. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...

9.8CVSS9.7AI score0.52259EPSS
Exploits0References2
NVD
NVD
added 2020/12/11 11:15 p.m.10 views

CVE-2020-25107

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has '\0' termination. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...

9.8CVSS9.7AI score0.52259EPSS
Exploits0References2
NVD
NVD
added 2020/12/11 11:15 p.m.20 views

CVE-2020-25109

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses set in a DNS header is not checked against the data present. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...

9.8CVSS9.7AI score0.52259EPSS
Exploits0References2
Prion
Prion
added 2020/12/11 11:15 p.m.15 views

Remote code execution

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a domain name in a DNS query/response is not checked, and is used for internal memory operations. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...

7.5CVSS9.5AI score0.52259EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/12/11 10:59 p.m.71 views

CVE-2020-25110

CVE-2020-25110 is part of the AMNESIA:33 set affecting the Nut/Net DNS processing in Nut/OS components. The SUSE and CERT-derived documents describe a memory-corruption vulnerability caused by not validating the DNS data length when parsing DNS questions/responses, enabling denial-of-service and ...

9.8CVSS9.5AI score0.52259EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/12/11 10:58 p.m.12 views

CVE-2020-25109

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses set in a DNS header is not checked against the data present. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...

9.7AI score0.52259EPSS
Exploits0References2
CVE
CVE
added 2020/12/11 10:58 p.m.65 views

CVE-2020-25109

CVE-2020-25109 affects Nut/OS (Ethernut) 5.1 and earlier in the DNS implementation. The issue is that the number of DNS queries/responses (as set in the DNS header) is not checked against the available data, enabling potential denial of service and possibly remote code execution. Connected adviso...

9.8CVSS9.5AI score0.52259EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2020/12/08 12:0 a.m.6 views

Contiki 缓冲区错误漏洞

Nut/OS is a modular, open-source real-time operating system for embedded platforms. A denial of service and remote code execution vulnerability exists in the DNS implementation in Ethernut in Nut/OS 5.1. The vulnerability stems from a failure to check if a domain name ends in '0'. An attacker cou...

9.8CVSS7.9AI score0.52259EPSS
Exploits0References4
Rows per page
Query Builder