Improper Input Validation

github.com/siderolabs/omni is vulnerable to an improper input validation. The vulnerability is due to the lack of validation on the destination address in the WireGuard SideroLink interface configuration, which allows an attacker with access to a malicious workload to send arbitrary packets over...

CVE-2025-59824

The CVE CVE-2025-59824 affects Omni’s WireGuard-based SideroLink used to connect Omni to Talos machines. The issue: the WireGuard interface validates that the source IP matches the Talos peer IPv6 address but does not validate the destination address, meaning a malicious workload on the same Kube...

omni 安全漏洞

omni is a Kubernetes deployment tool open-sourced by Sidero Labs, Inc. A security vulnerability exists in Omni versions prior to 0.48.0 that stems from an unverified packet destination address that could lead to a malicious load sending arbitrary packets through the SideroLink interface...

Rtpengine mr13.4.1.1 Injection / Redirection

Rtpengine starting at version mr13.4.1.1 allows for redirection to an attacker-controlled host and insertion of arbitrary RTP packet into active calls...

CVE-2019-5152

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...

The vulnerability of the microprogrammed Ethernet switch software from RUGGEDCOM ROS allows a hacker to send arbitrary packets into the mirrored network.

The vulnerability of the microprogrammed Ethernet switch software from RUGGEDCOM ROS is related to errors in representing certain functions. Exploiting this vulnerability allows a remote attacker to send arbitrary packets to the mirrored network...

Google Nest 授权问题漏洞

Google Nest is a smart home product by Google, an American company. Google Nest has a security vulnerability. The vulnerability allows unauthenticated nodes to forge radio frames using "Key ID Mode 2", a special mode that uses a static encryption key to bypass security checks, allowing arbitrary ...

The vulnerability of implementations of WEP, WPA, WPA2, and WPA3 algorithms in the Linux operating system allows attackers to inject arbitrary network packets, regardless of the network configuration.

The vulnerability of implementations of WEP, WPA, WPA2, and WPA3 algorithms in Linux operating systems exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary network packets regardless of the network configuration...

The vulnerability of the communication standards for IEEE 802.11 operating systems on Windows allows a intruder to inject arbitrary network packets.

The vulnerability of the IEEE 802.11 communication standard for Windows operating systems is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to inject arbitrary network packets remotely...

OpenBSD 注入漏洞

OpenBSD is a cross-platform, BSD-based UNIX-like operating system from the Canadian OpenBSD Openbsd project team. A security vulnerability exists in OpenBSD version 6.6. An attacker can inject arbitrary network packets independent of the network configuration...

Information disclosure

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...

Linux Kernel TCP Sequence Number Generation Security Weakness

The Linux kernel is prone to a security weakness related to TCP sequence number generation. Attackers can exploit this issue to inject arbitrary packets into TCP sessions using a brute-force attack. An attacker may use this vulnerability to create a denial of service condition or a...

Microsoft Windows Server 2000 - Internet Key Exchange Denial of Service (2)

source: https://www.securityfocus.com/bid/3652/info Internet Protocol Security IPSec provides authentication and encryption for IP network traffic. The Internet Key Exchange IKE protocol is a management protocol standard which is used with the IPSec standard. IKE contributes to the IPSec standard...