Astra Linux - уязвимость в libssh2

The vulnerability of the libssh2packetadd function in the packet.c component of the SSH2 implementation library Libssh2 is related to insufficient input validation. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

RHEL 6 : wireshark (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wireshark: free operation on an uninitialized memory address in wiretap/netmon.c CVE-2018-6836 - The...

Buffer overflow

The radpacketrecv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigge...

CVE-2022-24705

The CVE-2022-24705 vulnerability is in accel-ppp (Accel-PPP) where the rad_packet_recv function in radius/packet.c uses a memcpy into a fixed-size buffer, enabling a buffer overflow when receiving crafted client requests. This can be triggered remotely by a malicious client over the network, pote...

NewStart CGSL CORE 5.04 / MAIN 5.04 : libssh2 Vulnerability (NS-SA-2021-0026)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libssh2 packages installed that are affected by a vulnerability: - In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an...

EulerOS 2.0 SP5 : bluez (EulerOS-SA-2021-1179)

According to the versions of the bluez packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In BlueZ 5.42, a use-after-free was identified in 'confopt' function in 'tools/parser/l2cap.c' source file. This issue can be triggered by...

Denial Of Service (DoS)

libssh2 is vulnerable to denial of service. The vulnerability exists through an integer overflow in SSHMSGDISCONNECT logic in packet.c which allows an attacker to cause an application crash...

F5 Networks BIG-IP : OpenSSH vulnerability (K32485746)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.0. It is, therefore, affected by a vulnerability as referenced in the K32485746 advisory. sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a...

CVE-2016-10708

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c...

CVE-2017-13208

In receivepacket of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation...

gnutls: Heap read overflow in read-packet.c

Multiple heap-based buffer overflows in the readattribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate...

GnuTLS has multiple vulnerabilities

GnuTLS is a free secure communications library for implementing the SSL, TLS and DTLS protocols developed by Nikos Mavrogiannopoulos of Belgium and Simon Josefsson of Sweden, software developers. A security vulnerability exists in the 'cdkpktread' function in the opencdk/read-packet.c file in...

CVE-2017-7869

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdkpktread function in opencdk/read-packet.c. This issue which is a subset of the vendor's GNUTLS-SA-2017-3 report is fixed in 3.5.10...

CVE-2017-7869

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdkpktread function in opencdk/read-packet.c. This issue which is a subset of the vendor's GNUTLS-SA-2017-3 report is fixed in 3.5.10...

CVE-2017-7869

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdkpktread function in opencdk/read-packet.c. This issue which is a subset of the vendor's GNUTLS-SA-2017-3 report is fixed in 3.5.10...

CVE-2017-7869

GnuTLS contains a vulnerability CVE-2017-7869: an out-of-bounds write caused by an integer overflow and heap-based buffer overflow in cdk_pkt_read (opencdk/read-packet.c). This affects older GnuTLS before 2017-02-20 and is a subset of GNUTLS-SA-2017-3; the issue can crash the application (denial ...

CVE-2016-9918

In BlueZ 5.42, an out-of-bounds read was identified in "packethexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash...

CVE-2016-9918

In BlueZ 5.42, an out-of-bounds read was identified in "packethexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash...

Out-of-bounds

In BlueZ 5.42, an out-of-bounds read was identified in "packethexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash...

CVE-2016-9918

In BlueZ 5.42, an out-of-bounds read was identified in "packethexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash...