359 matches found
CVE-2023-28078
Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are...
CVE-2023-28078
CVE-2023-28078 affects Dell OS10 Networking Switches versions 10.5.2.x and above . A vulnerability in the zeroMQ component when VLT is configured allows a remote unauthenticated attacker to cause information disclosure and potential Denial of Service by sending a large volume of requests. The iss...
OESA-2024-1133 zeromq security update
ZeroMQ also spelled ØMQ, 0MQ or ZMQ is a high-performance asynchronous messaging library, aimed at use in distributed or concurrent applications. It provides a message queue, but unlike message-oriented middleware, a ZeroMQ system can run without a dedicated message broker. The library's API is...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : ZeroMQ vulnerabilities (USN-4920-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4920-1 advisory. It was discovered that ZeroMQ incorrectly handled certain application metadata. A remote attacker could use this issue to cause...
K72403108: tcpdump vulnerabilities CVE-2016-7926, CVE-2016-7932, and CVE-2016-7938
Security Advisory Description CVE-2016-7926 The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertypeprint. CVE-2016-7932 The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2checkchecksum. CVE-2016-7938 The ZeroMQ parser in tcpdump...
SUSE CVE-2014-7202
streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...
SUSE CVE-2016-7938
The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1printframe...
SUSE CVE-2020-15166
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able...
SUSE CVE-2020-36400
ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcpread, a different vulnerability than CVE-2021-20235...
SUSE CVE-2021-20234
An uncontrolled resource consumption memory leak flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability...
SUSE CVE-2021-20236
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as...
SUSE CVE-2021-20237
An uncontrolled resource consumption memory leak flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a...
USN-4920-1: ZeroMQ vulnerabilities
It was discovered that ZeroMQ incorrectly handled certain application metadata. A remote attacker could use this issue to cause ZeroMQ to crash, or possibly execute arbitrary code. CVE-2019-13132 It was discovered that ZeroMQ mishandled certain network traffic. An unauthenticated attacker could u...
USN-4920-1 zeromq3 vulnerabilities
It was discovered that ZeroMQ incorrectly handled certain application metadata. A remote attacker could use this issue to cause ZeroMQ to crash, or possibly execute arbitrary code. CVE-2019-13132 It was discovered that ZeroMQ mishandled certain network traffic. An unauthenticated attacker could u...
SentryPeer - A Distributed Peer To Peer List Of Bad Actor IP Addresses And Phone Numbers Collected Via A SIP Honeypot
A distributed list of bad actor IP addresses and phone numbers collected via a SIP Honeypot. Introduction This is basically a fraud detection tool. It lets bad actors try to make phone calls and saves the IP address they came from and number they tried to call. Those details are then used to bloc...
Mageia: Security Advisory (MGASA-2021-0159)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2020-0367)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2019-0054)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2019-0323)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Check Point Response to CVE-2021-36299, CVE-2021-36300, CVE-2021-36301, CVE-2021-20235 - Dell iDRAC9 Vulnerabilities
Cause CVE-2021-36299 - An SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application. CVE-2021-36300 -...