36 matches found
GHSA-3WCQ-X3MQ-6R9P Potential memory exposure in dns-packet
This affects the package dns-packet before versions 1.3.2 and 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names...
CVE-2021-23386
This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names...
dns-packet 信息泄露漏洞
dns-packet is a software application. An abstraction encodes a dependency model for encoding/decoding DNS packets. A security vulnerability exists in Mathias Buus dns-packet versions prior to 5.2.2, which can be exploited by an attacker to expose internal application memory over an unencrypted...
TP-Link TL-PS310U Elevation of Privilege Vulnerability
The TP-Link TL-PS310U is a single USB 2.0 port MFP and storage server. An elevation of privilege vulnerability exists in versions prior to TP-Link TL-PS310U 2.079.000.t0210, which stems from the ability to discover administrative passwords by sniffing unencrypted UDP traffic, and can be exploited...
CVE-2019-5448
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...
CVE-2018-16225
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android, which results in an attacker being able to reuse cookies to bypass authentication and...
Authentication flaw
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android, which results in an attacker being able to reuse cookies to bypass authentication and...
CVE-2018-16225
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android, which results in an attacker being able to reuse cookies to bypass authentication and...
CVE-2018-16225
The CVE-2018-16225 entry concerns the QBee MultiSensor Camera (up to firmware 4.16.4). The issue arises from unencrypted network traffic from clients (e.g., QBee Cam app up to Android 1.0.5, Swisscom Home app up to Android 10.7.2), enabling an attacker to reuse cookies to bypass authentication an...
CVE-2017-14953
HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an...
CVE-2012-3725
The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi...
Information disclosure
The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi...
CVE-2012-3725
The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi...
KDE Security Advisory: Secure Cookie Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: Secure Cookie Vulnerability Original Release Date: 2002-09-08 URL: http://www.kde.org/info/security/advisory-20020908-1.txt 0. References None. 1. Systems affected: Konqueror in KDE 3.0, KDE 3.0.1 and KDE 3.0.2. KDE 2.2.2 and KD...
Sun SunPCi II VNC Software 2.3 - Password Disclosure
Sun SunPCi II VNC Software 2.3 - Password Disclosure // source: https://www.securityfocus.com/bid/5146/info The SunPCi II card is a co-processor for a number of Solaris based systems, and provides PC software compatibility, including the ability to run Microsoft Windows. Driver software is...
cryptcat does not encrypt data communications when -e command argument is used
Overview With certain options used, cryptcat does not encrypt network connections as expected. Description Cryptcat is an enhanced version of netcat that adds twofish encryption.If cryptcat is started in listen server mode binding a shell to a network port, cryptcat fails to enable encryption...