Lucene search
K

184 matches found

Cvelist
Cvelist
added 2018/05/09 7:0 p.m.27 views

CVE-2018-0961

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

8.4AI score0.02984EPSS
Exploits0References3
CNVD
CNVD
added 2018/05/09 12:0 a.m.2 views

Apache Derby External Control Input Vulnerability

Apache Derby is the United States Apache Apache Software Foundation developed a set of open source database management system. A security vulnerability exists in Apache Derby versions 10.3.1.4 through 10.14.1.0, which is caused by the program failing to properly validate incoming network packets....

5.3CVSS6.9AI score0.04504EPSS
Exploits0References1
OSV
OSV
added 2018/03/28 10:29 p.m.3 views

CVE-2018-0159

A vulnerability in the implementation of Internet Key Exchange Version 1 IKEv1 functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability is...

7.5CVSS5.8AI score0.06874EPSS
Exploits0References4
OSV
OSV
added 2018/03/28 10:29 p.m.4 views

CVE-2018-0156

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is due to improper validation of packet data. A...

7.5CVSS5.8AI score0.08369EPSS
Exploits0References6
OSV
OSV
added 2018/02/15 4:29 p.m.4 views

CVE-2017-17151

Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient...

5.9CVSS5.8AI score0.00788EPSS
Exploits0References1
Huawei
Huawei
added 2017/12/06 12:0 a.m.28 views

Security Advisory - DoS Vulnerability in Some Huawei Products

Some Huawei products have a DoS vulnerability due to insufficient validation of the Network Quality AnalysisNQA packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart. Vulnerability I...

7.8CVSS7.5AI score0.01295EPSS
Exploits0Affected Software3
CNVD
CNVD
added 2017/10/09 12:0 a.m.2 views

Asterisk Information Disclosure Vulnerability

Asterisk is a free software, open source software that implements the functionality of a telephone user switch PBX. Asterisk suffers from an information disclosure vulnerability that stems from insufficient RTCP packet validation, which allows an attacker to exploit the vulnerability to read the...

7.5CVSS7.1AI score0.03156EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/04 12:0 a.m.4 views

Cisco Meeting Server Denial of Service Vulnerability (CNVD-2017-20383)

Cisco Meeting Server formerly known as Acano Conferencing Server, CMS is the United States Cisco Cisco company's set of audio and video conferencing server software. A denial of service vulnerability exists in the implementation of the H.264 protocol in CMS, which stems from the program failing t...

7.5CVSS6.8AI score0.02322EPSS
Exploits0References1
OSV
OSV
added 2017/05/12 2:29 p.m.2 views

CVE-2017-0212

Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows Hyper-V vSMB Elevation of Privilege Vulnerability"...

7.6CVSS5.8AI score0.01137EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/05/09 4:41 p.m.8 views

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

8.3CVSS7.4AI score0.03255EPSS
Exploits0References5
Prion
Prion
added 2017/04/20 10:59 p.m.10 views

Race condition

A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service DoS condition on the affected system. The vulnerability is due to...

5CVSS5.7AI score0.01986EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2017/01/13 12:0 a.m.6 views

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

8.3CVSS7.4AI score0.03255EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/11/02 11:6 a.m.5 views

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

8.3CVSS7.4AI score0.03255EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/11/02 11:5 a.m.5 views

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

8.3CVSS7.4AI score0.03255EPSS
Exploits0References5
OSV
OSV
added 2016/01/04 5:59 a.m.3 views

CVE-2015-8712

The dissecthsdschchannelinfo function in epan/dissectors/packet-umtsfp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service application crash via a crafted packet...

5.5CVSS5.3AI score
Exploits0References8
CVE
CVE
added 2016/01/04 2:0 a.m.91 views

CVE-2015-8730

CVE-2015-8730 affects Wireshark NBAP dissector (epan/dissectors/packet-nbap.c): versions 1.12.x before 1.12.9 and 2.0.x before 2.0.1 do not validate the number of items in a crafted packet, enabling a denial of service via invalid read and crash. Affected products: Wireshark 1.12.x, 2.0.x; vulner...

5.5CVSS5.2AI score0.04509EPSS
Exploits1References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/10/28 12:0 a.m.110 views

Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p4 Multiple Vulnerabilities

The version of the remote NTP server is 3.x or 4.x prior to 4.2.8p4. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the ntpcrypto.c file due to improper validation of the 'vallen' value in extension fields. An unauthenticated, remote attacker can exploit this, vi...

9.8CVSS7.1AI score0.81762EPSS
Exploits8References22
FreeBSD
FreeBSD
added 2015/04/04 12:0 a.m.17 views

freeradius3 -- insufficient validation on packets

Jouni Malinen reports: The EAP-PWD module performed insufficient validation on packets received from an EAP peer. This module is not enabled in the default configuration. Administrators must manually enable it for their server to be vulnerable. Only versions 3.0 up to 3.0.8 are affected...

4AI score
Exploits0References1
OSV
OSV
added 2014/04/14 11:55 p.m.6 views

CVE-2014-0077

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service memory corruption and host OS crash or possibly gain privileges on the host OS via crafted packets,...

6.4AI score
Exploits0References12
RedHat Linux
RedHat Linux
added 2013/06/12 4:46 p.m.4 views

krb5: UDP ping-pong flaw in kpasswd

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 aka krb5 before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged packet that triggers a communication loop, as...

5CVSS7.3AI score0.06485EPSS
Exploits0References4
Rows per page
Query Builder