4 matches found
CVE-2021-35246
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users...
PT-2021-23125 · Unknown +1 · Freeswitch +1
Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to 1.10.7 Description: The issue concerns a Denial of Service vulnerability via SIP flooding. When FreeSWITCH is flooded with SIP messages, it can lead to memory exhaustion, causing the process to be killed by the...
Hackers Could Turn Pre-Installed Antivirus App on Xiaomi Phones Into Malware
What could be worse than this, if the software that's meant to protect your devices leave backdoors open for hackers or turn into malware? Researchers today revealed that a security app that comes pre-installed on more than 150 million devices manufactured by Xiaomi, China's biggest and world's 4...
kernel: challenge ACK counter information disclosure.
It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the chang...