20 matches found
The US Won't Sanction China for Salt Typhoon Hacking
Plus: Officials warn of a disturbingly stealthy Chinese malware specimen, a CISA nomination stalls, and more...
CVE-2025-34515
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in syncproject.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...
EUVD-2025-34809
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...
CVE-2025-34514
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and...
Linux Distros Unpatched Vulnerability : CVE-2019-15297
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a...
Revolut Faces $20 Million Loss as Attackers Exploit Payment System Weakness
Malicious actors exploited an unknown flaw in Revolut's payment systems to steal more than $20 million of the company's funds in early 2022. The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed...
SUSE CVE-2011-0413
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service assertion failure and daemon crash by sending a message over IPv6 for a declined and abandoned address...
Denial Of Service (DoS)
asterisk, edge is vulnerable to denial of service. It allows an attacker to trigger a crash by sending a declined stream in a response re-invite initiated by Asterisk...
ALPINE-CVE-2021-26717
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this...
asterisk -- Remote crash possible when negotiating T.38
The Asterisk project reports: When re-negotiating for T.38 if the initial remote response was delayed just enough Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream then Asterisk would crash...
ALPINE-CVE-2019-15297
respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference...
UBUNTU-CVE-2019-15297
respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference...
asterisk -- Crash when negotiating for T.38 with a declined stream
The Asterisk project reports: When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint responds with a declined media stream a crash will then occur in Asterisk...
No Fix Planned For LabVIEW Bug, Says National Instruments
Automated test equipment and virtual instrumentation software behemoth National Instruments said it will not patch software that security researchers at Cisco Talos said is flawed and could result in code execution by third-party attackers. The affected software is LabVIEW, a leading program...
eStore 1.0.2 - SQL Injection Vulnerability
No description provided by source. ===================================================================================================== .::Powered by eStore v1.0.2::. ===================================================================================================== x Author : R3VANBASTARD x W...
openSUSE Security Update : osc (openSUSE-SU-2012:0400-1)
This update of osc to 0.134.1 provides the following changes : - adding unlock command - maintenanceincident requests get created with source revision of package - Enables new maintenance submissions for new OBS 2.3 maintenance model - Fixes srcmd5 revisions in submit request, when link target !=...
dhcp: unexpected abort caused by a DHCPv6 decline message
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service assertion failure and daemon crash by sending a message over IPv6 for a declined and abandoned address...
Fedora 14 : dhcp-4.2.0-19.P2.fc14 (2011-0862)
A flaw was discovered in the way the dhcpd daemon processed a message for an address that had been previously declined and internally tagged as abandoned. Processing such a message could trigger an assert failure that could crash dhcpd if it was running as a DHCPv6 server. DHCPv4 servers are...
CVE-2011-0413
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service assertion failure and daemon crash by sending a message over IPv6 for a declined and abandoned address...
isc-dhcp-server -- DHCPv6 crash
ISC reports: When the DHCPv6 server code processes a message for an address that was previously declined and internally tagged as abandoned it can trigger an assert failure resulting in the server crashing. This could be used to crash DHCPv6 servers remotely. This issue only affects DHCPv6 server...