CVE-2023-20051

A vulnerability in the Vector Packet Processor VPP of Cisco Packet Data Network Gateway PGW could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a malformed packet. An attacker...

Cisco Packet Data Network Gateway 安全漏洞

Cisco Packet Data Network Gateway is a key network function of Cisco's 4G mobile core network.PGW serves as an interface between the LTE network and other packet data networks. A security vulnerability exists in the Cisco Packet Data Network Gateway that arises from the Vector Packet Processor no...

CVE-2023-20051 Cisco Packet Data Network Gateway IPsec ICMP Denial of Service Vulnerability

A vulnerability in the Vector Packet Processor VPP of Cisco Packet Data Network Gateway PGW could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a malformed packet. An attacker...

Initialization vector reuse in end-to-end encryption allows a malicious server admin to break manipulate and access files

None...

Debian: Security Advisory (DLA-3376-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-0343

Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and the key are static, and this may allow an attacker to decrypt messages...

CVE-2023-0343

CVE-2023-0343 affects Akuvox E11. The vulnerability is in a function that encrypts messages before forwarding, where both the IV and the cryptographic key are static. This configuration could allow an attacker to decrypt messages. The exposed component is the device’s encryption function (CBC-rel...

CVE-2023-0343 CVE-2023-0343

Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and the key are static, and this may allow an attacker to decrypt messages...

CVE-2023-0343 CVE-2023-0343

Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and the key are static, and this may allow an attacker to decrypt messages...

SUSE CVE-2023-22644

A user can reverse engineer the JWT token JSON Web Token used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE...

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ versions prior to 3.1.12. An attacker can exploit this vulnerability to perform cross-site scripting attacks...

Mattermost 跨站脚本漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from Boards that allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the...

Corel CorelDRAW Graphics Suite buffer overflow vulnerability (CNVD-2023-29423)

Corel CorelDRAW Graphics Suite is a vector graphics editing software from Corel Digital Technology Canada. A buffer overflow vulnerability exists in Corel CorelDRAW Graphics Suite, which can be exploited by an attacker to read more than the end of the allocated object...

PT-2023-16196 · Akuvox · Akuvox E11

Name of the Vulnerable Software and Affected Versions: Akuvox E11 affected versions not specified Description: The issue concerns a function in Akuvox E11 that encrypts messages before forwarding them. This function uses a static IV vector and key, which could potentially allow an attacker to...

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2023-28103 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2023-28103 Source advisory: OSV:GHSA-6G43-88CP-W5GV...

CVE-2022-43609

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IronCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files...

WordPress Plugin ProfilePress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

IronCAD 缓冲区错误漏洞

IronCAD is a software product for 3D and 2D CAD design from IronCAD, Inc. A buffer error vulnerability exists in IronCAD that originates when parsing a VECTOR element, where the process does not properly initialize the pointer before accessing it...

CVE-2022-46397

FP.io VPP Vector Packet Processor 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode...

Code injection

FP.io VPP Vector Packet Processor 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode...