Contemporary Controls BASrouter BACnet BASRT-B security vulnerability
Contemporary Controls BASrouter BACnet BASRT-B is a router from Contemporary Controls. A security vulnerability exists in Contemporary Controls BASrouter BACnet BASRT-B version 2.7.2, which originates from the component Application Protocol Data Unit that causes a denial of service...
CVE-2024-4791 Contemporary Control System BASrouter BACnet BASRT-B Application Protocol Data Unit denial of service
A vulnerability classified as critical was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This vulnerability affects unknown code of the component Application Protocol Data Unit. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit h...
PT-2024-32885 · Contemporary Control System · Basrouter Bacnet Basrt-B
Name of the Vulnerable Software and Affected Versions: Contemporary Control System BASrouter BACnet BASRT-B version 2.7.2 Description: A critical vulnerability was found in the Application Protocol Data Unit component, which can be exploited remotely, leading to denial of service. The exploit has...
[SECURITY] Fedora 40 Update: libcoap-4.3.4a-2.fc40
The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Internet of Things. The protocol is designed for machine-to-machine (M2M) applications such as smart energy and building automation. libcoap implements a...
[SECURITY] Fedora 39 Update: libcoap-4.3.4a-2.fc39
The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Internet of Things. The protocol is designed for machine-to-machine (M2M) applications such as smart energy and building automation. libcoap implements a...
Aruba Networks ArubaOS security vulnerability
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from an unauthenticated denial of service vulnerabili...
CVE-2024-2169
CVE-2024-2169 describes a DoS by network loops via UDP in implementations of UDP application protocols. Connected sources show concrete details for MikroTik RouterOS (vulnerable: <6.49.12 and
DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability
A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra aka DarkCasino targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails...
PT-2023-13238 · Qualcomm · 9205 Lte Modem Firmware +18
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue is related to memory corruption in a modem. This occurs due to an improper check while calculating the size of a serialized CoAP message, leading to potential exploitation...
PT-2023-12817 · Qualcomm · 9205 Lte Modem Firmware +7
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue is related to memory corruption in a modem, caused by improper input validation when handling incoming CoAP messages. Recommendations: At the moment, there is no information...
PT-2023-12795 · Qualcomm · Snapdragon +181
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption in a modem due to an integer overflow leading to a buffer overflow when handling APDU responses. This occurs while...
SUSE CVE-2011-0687
Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document...
SUSE CVE-2016-6512
epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors...
Design/Logic Flaw
Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the threshold to be reached...
CVE-2022-1319
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...
DEBIAN-CVE-2022-2053
When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker...
Toll fraud malware: How an Android application can drain your wallet
Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to other subcategories of billing fraud, which...
PT-2022-11359 · Eclipse · Eclipse Wakaama
Name of the Vulnerable Software and Affected Versions: Eclipse Wakaama versions prior to 2021-01-14 Description: The issue arises from the CoAP parsing code in Eclipse Wakaama, which fails to properly sanitize network-received data. This has been the case since the inception of Eclipse Wakaama...
Eclipse Wakaama buffer error vulnerability
Eclipse Wakaama is a C-based, open source implementation of the OMA LWM2M protocol from the Eclipse Foundation. A buffer error vulnerability exists in Eclipse Wakaama versions 2021-01-14 and earlier, which stems from the CoAP parsing code failing to properly clean up data received over the networ...