533 matches found
SUSE CVE-2020-7045
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes...
SUSE CVE-2022-26981
Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c called, indirectly, by tools/louchecktable.c...
Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation Opcode 512 Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...
Asus RT-AX82U cfg_server cm_processConnDiagPktList denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1592 Asus RT-AX82U cfgserver cmprocessConnDiagPktList denial of service vulnerability January 10, 2023 CVE Number CVE-2022-38393 SUMMARY A denial of service vulnerability exists in the cfgserver cmprocessConnDiagPktList opcode of Asus RT-AX82U...
ASUS RT-AX82U 缓冲区错误漏洞
The ASUS RT-AX82U is a wireless router from the Chinese company ASUS. A denial of service vulnerability exists in ASUS RT-AX82U version 3.0.0.4.38649674-ge182230, which stems from improper input validation of the cfgserver cmprocessConnDiagPktList opcode of the router configuration service, which...
GSD-2022-1007786 net: lapbether: fix issue of invalid opcode in lapbeth_open()
net: lapbether: fix issue of invalid opcode in lapbethopen This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.9 by commit...
PT-2022-36041 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.9 Description: The issue concerns an invalid opcode in the lapbeth open function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...
PT-2022-36199 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.79 Description: The issue concerns an invalid opcode in the lapbeth open function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...
A malicious user can steal all the excess balance on the pool by calling the execute function with higher amount than the selling amount
Lines of code Vulnerability details Impact When an order is matched, the Buyer has the option to pay in either ETH, WETH or via the Pool contract. The Exchange smart contract implements a function returnDust which returns the extra ETH to the user, if she overpays. The function is implemented in...
call opcode's return value not checked.
Lines of code Vulnerability details Impact The call opcode's return value not checked, which could leads to the originator lose funds. Proof of Concept The caller of LooksRareAggregator.sol::execute could be a contract who may not implement the fallback or receive function, when a call to it with...
CVE-2022-40202
The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication...
Delta Industrial Automation InfraSuite Device Master Device-Gateway CtrlLayerNWCmd_FileOperation Opcode 512 Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within CtrlLayerNWCmdFileOperation, opcode 512. When parsi...
CVE-2022-30264
The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol 4000/TCP, 5000/TCP for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the...
PT-2022-3174 · Emerson · Emerson Roc +1
Name of the Vulnerable Software and Affected Versions: Emerson ROC and FloBoss RTU product lines through 2022-05-02 Description: The issue is related to insecure filesystem operations in the Emerson ROC and FloBoss RTU product lines. These products use the ROC protocol for communications between ...
DoS: Attacker May Front-Run CoreFactory.createProject() Or CoreFactory.addCollection() With A collection.id Causing Future Transactions With The Same collection.id to Revert
Lines of code Vulnerability details Impact A collection.id may only be used once in CoreFactory.createCollection since the the contract is deployed using the create2 opcode with a repeated salt and contract bytecode will fail to deploy a contract. Furthermore, the modifier onlyAvailableCollection...
[SECURITY] Fedora 36 Update: radare2-5.6.4-1.fc36
The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...
DEBIAN-CVE-2022-26981
Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c called, indirectly, by tools/louchecktable.c...
CVE-2021-44428
Pinkie 2.15 allows remote attackers to cause a denial of service daemon crash via a TFTP read RRQ request, aka opcode 1...
CVE-2021-44428
Technical details for CVE-2021-44428 are not provided in the supplied documents; only a basic description is available. Monitor for updates, as connected sources focus on other vulnerabilities (e.g., Log4j) rather than this CVE.
CVE-2021-44429
CVE-2021-44429: Serva 4.4.0 suffers a denial-of-service via a TFTP read (RRQ) request (opcode 1), tied to the older CVE-2013-0145. Connected records confirm that CVE-2013-0145 describes a buffer overflow in the TFTPD service (Serva32 2.1.0) that could cause a daemon crash or, potentially, arbitra...