76 matches found
pppd vulnerable to buffer overflow due to a flaw in EAP packet processing
Overview pppd Point to Point Protocol Daemon versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol EAP packet processing in eaprequest and eapresponse subroutines. Description PPP is the protocol used for establishing internet links ove...
GHSA-R36X-P5PV-9MFX prebuild-lwip downloads Resources over HTTP
Affected versions of prebuild-lwip insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...
prebuild-lwip Remote Code Execution Vulnerability
prebuild-lwip is a lightweight image processor based on NodeJS. A security vulnerability exists in prebuild-lwip that originates when the program downloads binary resources over the HTTP protocol. An attacker can use this vulnerability to modify or read the downloaded resources and potentially...
Man-in-the-Middle(MitM)
prebuild-lwip is susceptible to man-in-the-middle MitM attacks. The attacker can download binary resources via HTTP, allowing MitM attacks. Since the attacker can replace the requested binary with its controlled binary if the attacker is on the network or positioned in between the user and the...
CVE-2016-10652
prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10652
prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10652
prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10652
CVE-2016-10652 affects the NodeJS module prebuild-lwip , which insecurely downloads resources over HTTP. The underlying issue permits a network-position attacker to perform a MITM attack by modifying or reading downloaded resources, with potential consequences ranging from information disclosure ...
Denial-of-Service (DoS) Via Embedded Dependency
lwip embeds a copy of libpng version 1.6.18 as a dependency. This version of libpng is vulnerable to multiple denial-of-service DoS vulnerabilities including CVE-2015-8126, and CVE-2015-8472...
Create TCP UDP Connections Over Audio Channel: Quiet-lwip
Quiet-lwip is a binding for libquiet to lwip . This binding can be used to create TCP and UDP connections over an audio channel. This channel may be speaker-to-mic “over the air” or through a wired connection. This binding provides an abstract version which emits and consumes floating point sampl...
CVE-2014-4883
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets...
Design/Logic Flaw
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets...
CVE-2014-4883
CVE-2014-4883 affects the DNS resolver code paths in uIP and lwIP (resolv.c/dns.c for lwIP
CVE-2014-4883
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets...
CVE-2014-4883
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets...
uIP and lwIP DNS resolver vulnerable to cache poisoning
Overview The DNS resolver implemented in uIP and lwIP is vulnerable to cache poisoning due to non-randomized transaction IDs TXIDs and source port reuse. Description CWE-330: Use of Insufficiently Random Values - CVE-2014-4883The DNS resolver implemented in all versions of uIP, as well as lwIP...