Lucene search
K

36 matches found

OSV
OSV
added 2021/05/24 7:51 p.m.1 views

GHSA-3WCQ-X3MQ-6R9P Potential memory exposure in dns-packet

This affects the package dns-packet before versions 1.3.2 and 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names...

7.7CVSS6.9AI score0.01425EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2021/05/20 4:12 p.m.3 views

CVE-2021-23386

This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names...

7.7CVSS5.3AI score0.01425EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/05/20 12:0 a.m.7 views

dns-packet 信息泄露漏洞

dns-packet is a software application. An abstraction encodes a dependency model for encoding/decoding DNS packets. A security vulnerability exists in Mathias Buus dns-packet versions prior to 5.2.2, which can be exploited by an attacker to expose internal application memory over an unencrypted...

7.7CVSS7.4AI score0.01425EPSS
Exploits0References5
CNVD
CNVD
added 2020/08/10 12:0 a.m.3 views

TP-Link TL-PS310U Elevation of Privilege Vulnerability

The TP-Link TL-PS310U is a single USB 2.0 port MFP and storage server. An elevation of privilege vulnerability exists in versions prior to TP-Link TL-PS310U 2.079.000.t0210, which stems from the ability to discover administrative passwords by sniffing unencrypted UDP traffic, and can be exploited...

8.8CVSS7.2AI score0.0032EPSS
Exploits0References1
NVD
NVD
added 2019/07/30 9:15 p.m.35 views

CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

8.1CVSS8.1AI score0.00668EPSS
Exploits1References3
NVD
NVD
added 2018/09/18 9:29 p.m.23 views

CVE-2018-16225

The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android, which results in an attacker being able to reuse cookies to bypass authentication and...

6.5CVSS6.6AI score0.00616EPSS
Exploits1References2
Prion
Prion
added 2018/09/18 9:29 p.m.25 views

Authentication flaw

The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android, which results in an attacker being able to reuse cookies to bypass authentication and...

6.1CVSS6.5AI score0.00616EPSS
Exploits1References2Affected Software3
Cvelist
Cvelist
added 2018/09/18 9:0 p.m.29 views

CVE-2018-16225

The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android, which results in an attacker being able to reuse cookies to bypass authentication and...

6.6AI score0.00616EPSS
Exploits1References2
CVE
CVE
added 2018/09/18 9:0 p.m.56 views

CVE-2018-16225

The CVE-2018-16225 entry concerns the QBee MultiSensor Camera (up to firmware 4.16.4). The issue arises from unencrypted network traffic from clients (e.g., QBee Cam app up to Android 1.0.5, Swisscom Home app up to Android 10.7.2), enabling an attacker to reuse cookies to bypass authentication an...

6.5CVSS6.5AI score0.00616EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2017/12/01 5:29 p.m.3 views

CVE-2017-14953

HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an...

6.5CVSS5.9AI score0.00492EPSS
Exploits2References2
NVD
NVD
added 2012/09/20 9:55 p.m.23 views

CVE-2012-3725

The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi...

3.3CVSS5.3AI score0.00748EPSS
Exploits0References3
Prion
Prion
added 2012/09/20 9:55 p.m.16 views

Information disclosure

The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi...

3.3CVSS5.7AI score0.00748EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2012/09/20 9:0 p.m.29 views

CVE-2012-3725

The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi...

5.3AI score0.00748EPSS
Exploits0References3
securityvulns
securityvulns
added 2002/09/11 12:0 a.m.25 views

KDE Security Advisory: Secure Cookie Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: Secure Cookie Vulnerability Original Release Date: 2002-09-08 URL: http://www.kde.org/info/security/advisory-20020908-1.txt 0. References None. 1. Systems affected: Konqueror in KDE 3.0, KDE 3.0.1 and KDE 3.0.2. KDE 2.2.2 and KD...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2002/07/03 12:0 a.m.31 views

Sun SunPCi II VNC Software 2.3 - Password Disclosure

Sun SunPCi II VNC Software 2.3 - Password Disclosure // source: https://www.securityfocus.com/bid/5146/info The SunPCi II card is a co-processor for a number of Solaris based systems, and provides PC software compatibility, including the ability to run Microsoft Windows. Driver software is...

Exploits0
CERT
CERT
added 2002/03/03 12:0 a.m.31 views

cryptcat does not encrypt data communications when -e command argument is used

Overview With certain options used, cryptcat does not encrypt network connections as expected. Description Cryptcat is an enhanced version of netcat that adds twofish encryption.If cryptcat is started in listen server mode binding a shell to a network port, cryptcat fails to enable encryption...

6.8AI score
Exploits0References1
Rows per page
Query Builder