247 matches found
DEBIAN-CVE-2023-34256
An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4groupdesccsum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend again...
UBUNTU-CVE-2023-34256
An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4groupdesccsum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend again...
K16840: SSH vulnerability CVE-1999-1085
Security Advisory Description Description SSH 1.2.25, 1.2.23, and other versions, when used in in CBC Cipher Block Chaining or CFB Cipher Feedback 64 bits modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext...
SUSE CVE-2006-4924
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service CPU consumption via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector...
SUSE CVE-2007-2445
The pnghandletRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service application crash via a grayscale PNG image with a bad tRNS chunk CRC value...
CVE-2023-23120
The use of the cyclic redundancy check CRC algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle MITM attack to modify the new...
CVE-2023-23119
The use of the cyclic redundancy check CRC algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle MITM attack to modify the new firmware ima...
Design/Logic Flaw
The use of the cyclic redundancy check CRC algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle MITM attack to modify the new...
CVE-2023-23120
CVE-2023-23120 affects TRENDnet TV-IP651WI Network Camera firmware versions v1.07.01 and earlier. The root cause is using a CRC-based integrity check during firmware updates, which can be bypassed in a MITM scenario to modify the firmware image. The provided documents state the vulnerability but ...
TRENDnet TV-IP651WI 安全漏洞
The TRENDnet TV-IP651WI is a wireless network camera from TRENDnet. A security vulnerability exists in TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier, which is caused due to the use of the cyclic redundancy check CRC algorithm for integrity checking during a firmware...
CVE-2023-23119
CVE-2023-23119 affects Ubiquiti airFiber AF2X Radio firmware 3.2.2 and earlier. The root cause is use of CRC for integrity checks during firmware updates, enabling MITM modification of the firmware image to bypass checksum verification. Public details consistently describe the impact as firmware ...
CVE-2023-23120
The use of the cyclic redundancy check CRC algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle MITM attack to modify the new...
CVE-2023-23119
The use of the cyclic redundancy check CRC algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle MITM attack to modify the new firmware ima...
CVE-2022-46423
An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM Man-in-the-Middle attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service...
CVE-2022-46424
An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM Man-in-the-Middle attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or...
Design/Logic Flaw
An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM Man-in-the-Middle attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or...
Design/Logic Flaw
An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM Man-in-the-Middle attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service...
Design/Logic Flaw
An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM Man-in-the-Middle attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service DoS...
CVE-2022-46424
Affected product: Netgear XWN5001 Powerline 500 WiFi Access Point. Vulnerability: exploitable firmware modification allowing a MITM attacker to modify a user-uploaded firmware image and bypass CRC checks, enabling arbitrary code execution or Denial of Service. Root cause/condition: vulnerable fir...
CVE-2022-46432
CVE-2022-46432 affects TP-Link TL-WR743ND V1 firmware up to 3.12.20. The vulnerability allows a MITM-based modification of the user-uploaded firmware image, bypassing the CRC check and enabling arbitrary code execution or Denial of Service. Affected versions: v3.12.20 and earlier. Root cause cent...