44 matches found
CVE-2023-25568 Boxo bitswap/server: DOS unbounded persistent memory leak
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...
Updated ppp packages fix security vulnerability
Updated ppp packages fix security vulnerability: Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp. When receiving an EAP Request message in client mode, an attacker was able to overflow the rhostname array by providing a very long name CVE-2020-8597...
Citrix SD-WAN Software Feature Cheat Sheet
The purpose of this article is to provide guidance of what software, hardware, license and management tool is supported per release. Citrix SD-WAN Software Feature Cheat Sheet also attached for reference R11.4.2 – Nov 2,2021| • You can now configure the LTE interface-based WAN link as a Private...
CVE-2018-0197
A vulnerability in the VLAN Trunking Protocol VTP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service DoS condition. The vulnerability is due to a logic...
Fortinet FortiGate < 5.2 / 5.2.x <= 5.2.11 / 5.4.x <= 5.4.5 / 5.6.x <= 5.6.2 Multiple Vulnerabilities (FG-IR-17-196) (KRACK)
The remote host is running FortiOS prior to 5.2, 5.2.x prior to or equal to 5.2.11, 5.4.x prior to or equal 5.4.5, or 5.6.x prior to or equal to 5.6.2. It is, therefore, affected by multiple vulnerabilities discovered in the WPA2 handshake protocol. Note these issues affect only WiFi model device...
Resources with names ending with the Published Desktop name not showing up in Receiver
This article is intended for Citrix administrators and technical teams only.Non-admin users must contact their company’s Help Desk/IT support team and can refer toCTX297149for more information Resources with names ending with the published desktop name not showing up in Receiver For passthrough...
CVE-2016-5055
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page...
CVE-2016-5055
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page...
Code injection
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page...
CVE-2016-5055
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page...
CVE-2016-5055
CVE-2016-5055 affects OSRAM SYLVANIA Osram Lightify Pro prior to 2016-07-26, with XSS in the username field and the Wireless Client Mode configuration page. NVD data lists CVSS2/3 base scores (4.3/6.1) and NETWORK attack vector; impact includes partial integrity and low confidentiality, with user...
STunnel 3.x Client Negotiation Protocol Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3748/info Stunnel is a freely available, open source cryptography wrapper. It is designed to wrap arbitrary protocols that may or may not support cryptography. It is maintained by the Stunnel project. Stunnel does not...
DSA-2664-1 stunnel4 - buffer overflow
Bulletin has no description...
FreeBSD : stunnel -- Remote Code Execution (c97219b6-843d-11e2-b131-000c299b62e1)
Michal Trojnara reports : 64-bit versions of stunnel with the following conditions : NTLM authentication enabled CONNECT protocol negotiation enabled Configured in SSL client mode An attacker that can either control the proxy server specified in the 'connect' option or execute MITM attacks on the...
stunnel -- Remote Code Execution
Michal Trojnara reports: 64-bit versions of stunnel with the following conditions: NTLM authentication enabled CONNECT protocol negotiation enabled Configured in SSL client mode An attacker that can either control the proxy server specified in the "connect" option or execute MITM attacks on the T...
CVE-2011-3309
CVE-2011-3309 affects Cisco ASA 5500 series devices running software 8.2 through 8.4, where the device processes IKE requests even when vpnclient mode is configured. The root cause is the acceptance and handling of IKE traffic that can be observed by reading responder traffic, enabling potential ...
PT-2012-1686 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliances ASA 5500 series devices versions 8.2 through 8.4 Description: The issue allows remote attackers to obtain potentially sensitive information by reading IKE responder traffic, due to the devices processing IKE...
RE: DoS code for Cisco VLAN Trunking Protocol Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, This is Paul Oxman with Cisco PSIRT. For mitigations and workarounds, please consult the Cisco Security Response available at: http://www.cisco.com/warp/public/707/cisco-sr-20081105-vtp.shtml Regards From: showrun.lee mailto:[email protected]...
[EXPL] TCP Chat(TCPX) DoS (Exploit)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
[SECURITY] [DSA-372-1] New netris packages fix buffer overflow
-------------------------------------------------------------------------- Debian Security Advisory DSA 372-1 [email protected] http://www.debian.org/security/ Matt Zimmerman August 16th, 2003 http://www.debian.org/security/faq -...