168 matches found
HTTP/2 Server Denial of Service Vulnerability
A denial of service vulnerability exists in the HTTP/2 protocol stack HTTP.sys when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. ...
CVE-2019-0052
The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash. This issue affects all SRX Series platforms that support URL-Filtering and have...
Design/Logic Flaw
The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash. This issue affects all SRX Series platforms that support URL-Filtering and have...
CVE-2019-0052 SRX Series: srxpfe process crash while JSF/UTM module parses specific HTTP packets
The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash. This issue affects all SRX Series platforms that support URL-Filtering and have...
CVE-2019-0052
The CVE-2019-0052 issue affects Juniper Networks Junos OS on SRX Series gateways, where the srxpfe process crashes when the UTM/JSF module processes a specific fragmented HTTP packet. The packet is misinterpreted as a normal TCP packet, causing a processor crash. Affected releases cover multiple ...
CVE-2019-0006
A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager fxpc on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to...
Design/Logic Flaw
A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager fxpc on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to...
CVE-2019-0006 Junos OS: EX, QFX and MX series: Packet Forwarding Engine manager (FXPC) process crashes due to a crafted HTTP packet in a Virtual Chassis configuration
A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager fxpc on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to...
LIVE555 RTSP Server Buffer Overflow Vulnerability
LIVE555 RTSP Server is a command line program for viewing, transmitting, receiving and recording media streams specified by RTSP URLs. A stack buffer overflow vulnerability exists in the HTTP packet parsing feature of the library in LIVE555 RTSP Server version 0.92. An attacker can exploit this...
Critical Code Execution Flaw Found in LIVE555 Streaming Library
Security researchers have discovered a serious code execution vulnerability in the LIVE555 streaming media library—which is being used by popular media players, along with a number of embedded devices capable of streaming media. LIVE555 streaming media, developed and maintained by Live Networks, ...
CVE-2018-4013
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...
CVE-2018-4013
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...
UBUNTU-CVE-2018-4013
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...
CVE-2018-4013
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...
CVE-2018-4013
CVE-2018-4013 affects the LIVE555 RTSP server library (liveMedia) version 0.92, where a vulnerability in the HTTP packet-parsing path can cause a stack-based buffer overflow leading to remote code execution. The root cause involves reading HTTP headers into stack buffers during RTSP-over-HTTP han...
liveMedia -- potential remote code execution
Talos reports: An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerabili...
CVE-2018-6692
Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet...
Buffer overflow
A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerabili...
HTTP.sys Denial of Service Vulnerability
A denial of service vulnerability exists in the HTTP 2.0 protocol stack HTTP.sys when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become...
Cross site request forgery (csrf)
An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability...