Lucene search
K

76 matches found

CERT
CERT
added 2020/03/04 12:0 a.m.111 views

pppd vulnerable to buffer overflow due to a flaw in EAP packet processing

Overview pppd Point to Point Protocol Daemon versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol EAP packet processing in eaprequest and eapresponse subroutines. Description PPP is the protocol used for establishing internet links ove...

9.8CVSS9.6AI score0.19431EPSS
Exploits3References7
OSV
OSV
added 2019/02/18 11:45 p.m.23 views

GHSA-R36X-P5PV-9MFX prebuild-lwip downloads Resources over HTTP

Affected versions of prebuild-lwip insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...

8.1CVSS8.1AI score0.00546EPSS
Exploits0References3
CNVD
CNVD
added 2018/06/15 12:0 a.m.4 views

prebuild-lwip Remote Code Execution Vulnerability

prebuild-lwip is a lightweight image processor based on NodeJS. A security vulnerability exists in prebuild-lwip that originates when the program downloads binary resources over the HTTP protocol. An attacker can use this vulnerability to modify or read the downloaded resources and potentially...

8.1CVSS8AI score0.00546EPSS
Exploits0References1
Veracode
Veracode
added 2018/06/05 2:39 a.m.16 views

Man-in-the-Middle(MitM)

prebuild-lwip is susceptible to man-in-the-middle MitM attacks. The attacker can download binary resources via HTTP, allowing MitM attacks. Since the attacker can replace the requested binary with its controlled binary if the attacker is on the network or positioned in between the user and the...

8.1CVSS8.3AI score0.00546EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/06/04 4:29 p.m.19 views

CVE-2016-10652

prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

8.1CVSS8AI score0.00546EPSS
Exploits0References1
OSV
OSV
added 2018/06/04 4:29 p.m.3 views

CVE-2016-10652

prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

8.1CVSS5.8AI score0.00546EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/04 4:0 p.m.17 views

CVE-2016-10652

prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

8.1AI score0.00546EPSS
Exploits0References1
CVE
CVE
added 2018/06/04 4:0 p.m.56 views

CVE-2016-10652

CVE-2016-10652 affects the NodeJS module prebuild-lwip , which insecurely downloads resources over HTTP. The underlying issue permits a network-position attacker to perform a MITM attack by modifying or reading downloaded resources, with potential consequences ranging from information disclosure ...

8.1CVSS8AI score0.00546EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2017/02/27 7:42 a.m.33 views

Denial-of-Service (DoS) Via Embedded Dependency

lwip embeds a copy of libpng version 1.6.18 as a dependency. This version of libpng is vulnerable to multiple denial-of-service DoS vulnerabilities including CVE-2015-8126, and CVE-2015-8472...

7AI score0.10339EPSS
Exploits0
n0where
n0where
added 2016/06/14 2:32 p.m.29 views

Create TCP UDP Connections Over Audio Channel: Quiet-lwip

Quiet-lwip is a binding for libquiet to lwip . This binding can be used to create TCP and UDP connections over an audio channel. This channel may be speaker-to-mic “over the air” or through a wired connection. This binding provides an abstract version which emits and consumes floating point sampl...

0.1AI score
Exploits0References3
NVD
NVD
added 2014/11/28 2:59 a.m.13 views

CVE-2014-4883

resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets...

4.3CVSS6.3AI score0.00572EPSS
Exploits0References2
Prion
Prion
added 2014/11/28 2:59 a.m.12 views

Design/Logic Flaw

resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets...

4.3CVSS6.9AI score0.00572EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/11/28 2:0 a.m.60 views

CVE-2014-4883

CVE-2014-4883 affects the DNS resolver code paths in uIP and lwIP (resolv.c/dns.c for lwIP

4.3CVSS6.5AI score0.00572EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2014/11/28 2:0 a.m.17 views

CVE-2014-4883

resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets...

6.3AI score0.00572EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2014/11/28 2:0 a.m.22 views

CVE-2014-4883

resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets...

4.3CVSS3.8AI score0.00572EPSS
Exploits0
CERT
CERT
added 2014/11/03 12:0 a.m.50 views

uIP and lwIP DNS resolver vulnerable to cache poisoning

Overview The DNS resolver implemented in uIP and lwIP is vulnerable to cache poisoning due to non-randomized transaction IDs TXIDs and source port reuse. Description CWE-330: Use of Insufficiently Random Values - CVE-2014-4883The DNS resolver implemented in all versions of uIP, as well as lwIP...

4.3CVSS6.6AI score0.00572EPSS
Exploits0References5
Rows per page
Query Builder