49 matches found
DEBIAN-CVE-2022-24810
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong...
DEBIAN-CVE-2022-24806
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a...
CVE-2022-24806
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a...
EulerOS Virtualization 3.0.6.6 : openssl098e (EulerOS-SA-2023-3409)
According to the versions of the openssl098e package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509...
SUSE CVE-2018-9270
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak...
SUSE CVE-2022-24806
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a...
CLSA-2022-1660064249 Fix CVE(s): CVE-2022-21434, CVE-2022-21426, CVE-2022-21443, CVE-2022-34169, CVE-2022-21540, CVE-2022-21541, CVE-2022-21476, CVE-2022-21496
Backport upstream releases 8u342 and 8u332 to 16.04 LTS Security fixes in 8u342: - JDK-8272243: Improve DER parsing - JDK-8272249: Better properties of loaded Properties - JDK-8277608: Address IP Addressing - JDK-8281859, CVE-2022-21540: Improve class compilation - JDK-8281866, CVE-2022-21541:...
Improper Input Validation
net-snmp is vulnerable to improper input validation. The vulnerability exists when SETing malformed OIDs in master agent and subagent simultaneously because the inputs are not properly validated which allows an attacker to bypass validations...
UBUNTU-CVE-2022-24806
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a...
CVE-2022-24806
A flaw was found in net-snmp. This issue occurs due to improper input validation when simultaneously setting malformed OIDs in the master agent and subagent...
SNMP – Simply Not My Problem. Or is it?
TL;DR: Use SNMPv3; long gone is default community strings, hello complex passwords! Remove from the internet, if required, implement a VPN solution to restrict access to only authorised parties. SNMP is a protocol used for the remote management of devices on a network. By remote, we mean access...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : strongSwan vulnerabilities (USN-3771-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3771-1 advisory. It was discovered that strongSwan incorrectly handled IKEv2 key derivation. A remote attacker could possibly use this issue to...
USN-3771-1: strongSwan vulnerabilities
It was discovered that strongSwan incorrectly handled IKEv2 key derivation. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. CVE-2018-10811 Sze Yiu Chau discovered that strongSwan incorrectly handled parsing OIDs in the gmp plugin. A...
SUSE SLES11 Security Update : wireshark (SUSE-SU-2018:0980-1)
This update for wireshark fixes the following issues : - Update to wireshark 2.2.14, fix such issues : - bsc1088200 VUL-0: wireshark: multiple vulnerabilities fixed in 2.2.14, 2.4.6 - CVE-2018-9256: LWAPP dissector crash - CVE-2018-9260: IEEE 802.15.4 dissector crash - CVE-2018-9261: NBAP dissect...
DEBIAN-CVE-2018-9270
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak...
UBUNTU-CVE-2018-9270
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak...
CVE-2017-5257
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or guesses the SNMP read/write RW community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user...
Fixing HPKP with Certificate Constraints
This is the third post in my series on HPKP. In my first post I declared HPKP dead, and in my second post I explored the possibility of fixing it by introducing pin revocation. Today I will consider an entirely different approach to make HPKP much safer, by changing how it’s activated. In my...
CVE-2017-6737
A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. The vulnerability is due to a...
CVE-2017-6740
The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these...