TRENDnet TEW-831DR 跨站脚本漏洞

The TRENDnet TEW-831DR is a router from Trendnet, Inc. A security vulnerability exists in the TRENDnet TEW-831DR version 1.0 601.130.1.1356, which stems from the vulnerability of the Network Pre-Shared Key field on the web interface to cross-site scripting attacks. An attacker can use a simple XS...

CVE-2022-22703

In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer...

Moderate: gnutls and nettle security, bug fix, and enhancement update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages...

EulerOS 2.0 SP9 : gnutls (EulerOS-SA-2021-2271)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other...

CVE-2020-27150

In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set...

CVE-2020-27150

In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set...

OESA-2021-1109 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.

...

Denial Of Service (DoS)

gnutls is vulnerable to denial of service. The vulnerability exists due to a use after free issue in clientsendparams in lib/ext/presharedkey.c...

ALPINE-CVE-2021-20232

A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other potential consequences...

AZL-6447 CVE-2021-20232 affecting package gnutls for versions less than 3.6.14-5

A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other potential consequences...

UBUNTU-CVE-2021-20232

A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other potential consequences...

CVE-2021-20232

A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other potential consequences...

GnuTLS 资源管理错误漏洞

GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A security vulnerability exists in gnutls, which originates from memory corruption due to clientsendparams in lib/ext/presharedkey.c...

CVE-2020-25856

The function DecWPA2KeyData in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 up to and excluding 2.08 does not validate the size parameter for an rtlmemcpy operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of...

PT-2021-5771

Name of the Vulnerable Software and Affected Versions GnuTLS affected versions not specified Description A flaw was found in the client send params function of the lib/ext/pre shared key.c component, related to a use after free issue. This may lead to memory corruption and other potential...

CVE-2020-11550

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitra...

Authenticating your call centre when everyone is remote

Some unique challenges present themselves as workforce's shift to remote working. One that is not likely top of the pile, but is an easy avenue for abuse is authentication. When I talk about authentication, I don’t mean how users logon or access their emails for example. What I mean is how you...

Design/Logic Flaw

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...

CVE-2019-13393

Affected product: Voo-branded NETGEAR CG3700b with custom firmware V2.02.03. Issue: same default 8-character passphrase used for both the administrative console and the WPA2 pre-shared key. Root cause: credential reuse enables exposure of management/admin access and wireless PSK. Exploitation pat...