184 matches found
CVE-2018-0961
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
Apache Derby External Control Input Vulnerability
Apache Derby is the United States Apache Apache Software Foundation developed a set of open source database management system. A security vulnerability exists in Apache Derby versions 10.3.1.4 through 10.14.1.0, which is caused by the program failing to properly validate incoming network packets....
CVE-2018-0159
A vulnerability in the implementation of Internet Key Exchange Version 1 IKEv1 functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability is...
CVE-2018-0156
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is due to improper validation of packet data. A...
CVE-2017-17151
Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient...
Security Advisory - DoS Vulnerability in Some Huawei Products
Some Huawei products have a DoS vulnerability due to insufficient validation of the Network Quality AnalysisNQA packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart. Vulnerability I...
Asterisk Information Disclosure Vulnerability
Asterisk is a free software, open source software that implements the functionality of a telephone user switch PBX. Asterisk suffers from an information disclosure vulnerability that stems from insufficient RTCP packet validation, which allows an attacker to exploit the vulnerability to read the...
Cisco Meeting Server Denial of Service Vulnerability (CNVD-2017-20383)
Cisco Meeting Server formerly known as Acano Conferencing Server, CMS is the United States Cisco Cisco company's set of audio and video conferencing server software. A denial of service vulnerability exists in the implementation of the H.264 protocol in CMS, which stems from the program failing t...
CVE-2017-0212
Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows Hyper-V vSMB Elevation of Privilege Vulnerability"...
OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...
Race condition
A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service DoS condition on the affected system. The vulnerability is due to...
OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...
OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...
OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...
CVE-2015-8712
The dissecthsdschchannelinfo function in epan/dissectors/packet-umtsfp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service application crash via a crafted packet...
CVE-2015-8730
CVE-2015-8730 affects Wireshark NBAP dissector (epan/dissectors/packet-nbap.c): versions 1.12.x before 1.12.9 and 2.0.x before 2.0.1 do not validate the number of items in a crafted packet, enabling a denial of service via invalid read and crash. Affected products: Wireshark 1.12.x, 2.0.x; vulner...
Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p4 Multiple Vulnerabilities
The version of the remote NTP server is 3.x or 4.x prior to 4.2.8p4. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the ntpcrypto.c file due to improper validation of the 'vallen' value in extension fields. An unauthenticated, remote attacker can exploit this, vi...
freeradius3 -- insufficient validation on packets
Jouni Malinen reports: The EAP-PWD module performed insufficient validation on packets received from an EAP peer. This module is not enabled in the default configuration. Administrators must manually enable it for their server to be vulnerable. Only versions 3.0 up to 3.0.8 are affected...
CVE-2014-0077
drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service memory corruption and host OS crash or possibly gain privileges on the host OS via crafted packets,...
krb5: UDP ping-pong flaw in kpasswd
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 aka krb5 before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged packet that triggers a communication loop, as...