9185 matches found
CVE-2019-18863
The CVE-2019-18863 entry concerns a key-length vulnerability in the SRTP 128-bit key implementation on Mitel 6800/6900 SIP phones (versions 5.1.0.2051 SP2 and earlier). The root cause is in the SRTP key handling, enabling a man-in-the-middle attack when SRTP is used in a call, with potential inte...
CVE-2018-21035
CVE-2018-21035 affects Qt’s WebSocket implementation in Qt up to 5.14.1, where frames and messages are limited to 2 GB and this limit cannot be configured, enabling potential memory-based DoS. The vulnerability is documented across multiple advisories (e.g., MiracleLinux, Rocky Linux, AlmaLinux, ...
PT-2021-6496 · Libde265 +4 · Libde265 +4
Name of the Vulnerable Software and Affected Versions: libde265 version 1.0.4 Description: The issue is related to a heap buffer overflow in the ff hevc put unweighted pred 8 sse function. This can be exploited via a crafted file, potentially allowing a remote attacker to access confidential data...
[SECURITY] Fedora 31 Update: golang-github-gorilla-websocket-1.4.1-1.fc31
Gorilla WebSocket is a Go implementation of the WebSocket protocol...
[SECURITY] Fedora 30 Update: golang-github-gorilla-websocket-1.4.1-1.fc30
A WebSocket implementation for Go...
CVE-2020-3165 Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability
A vulnerability in the implementation of Border Gateway Protocol BGP Message Digest 5 MD5 authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. The vulnerability occurs because the BGP MD...
Lark Technologies: Access to private file's of helpdesk.
A improperly implemented access controls vulnerability was found at a Larksuite endpoint that could have resulted in a team founder who was also an admin of a separate helpdesk, to view an arbitrary image from a ticket they did not have permission to view. We thank @imrannisar for reporting this ...
Faraday presents the latest version of their Security Platform for Vulnerability Management Automation
Miami, February 19, 2020 - Faraday is opening 2020 by strengthening their releases using the featured cybersecurity worldwide events calendar, starting next week with BSides and RSAC in San Francisco. As a Blackhat Global Partner, the company will also participate as a sponsor in all BH’s global...
D-Link Multiple Routers HNAP PrivateLogin Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue...
CVE-2012-5363
The IPv6 implementation in FreeBSD and NetBSD unknown versions, year 2012 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393...
Design/Logic Flaw
The IPv6 implementation in FreeBSD and NetBSD unknown versions, year 2012 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393...
CVE-2012-5363
CVE-2012-5363 affects the IPv6 ND/Neighbor Solicitation handling in FreeBSD and NetBSD (unknown versions, year 2012 and earlier). The issue allows remote attackers to cause a denial of service by flooding the stack with ICMPv6 Neighbor Solicitation messages, as described in the CVE entry. Connect...
CVE-2012-5365
The IPv6 implementation in FreeBSD and NetBSD unknown versions, year 2012 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries...
CVE-2012-5364
The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries...
Design/Logic Flaw
The Neighbor Discovery ND protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hoplimit value in a Router Advertisement RA message...
CVE-2020-3945
vRealize Operations for Horizon Adapter 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1 contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network...
CVE-2020-3945
CVE-2020-3945 is an information-disclosure vulnerability in VMware’s vRealize Operations for Horizon Adapter . Affected releases are 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1 . The root cause is an incorrect pairing/implementation between the Horizon Adapter and Horizon View, enabling an unau...
CVE-2020-3945
vRealize Operations for Horizon Adapter 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1 contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network...
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4285-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4285-1 advisory. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacke...
USN-4286-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. CVE-2019-14615 It was discovered that a race condition existed in the Softmac USB Prism54 devi...