2052 matches found
Code injection
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
Authorization
The Micro Air Vehicle Link MAVLink protocol presents no authentication mechanism on its version 1.0 nor authorization whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package...
CVE-2020-15476
In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpisearchoracle in lib/protocols/oracle.c...
CVE-2020-15476
In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpisearchoracle in lib/protocols/oracle.c...
ALSA-2020:2755 Important: nghttp2 security update
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
CVE-2020-14199
The CVE-2020-14199 issue is a BIP-143 signing mishandling in the Bitcoin protocol that can mislead users into producing two signatures during Segwit transactions. Affected products are Trezor One firmware before 1.9.1 and Trezor Model T firmware before 2.3.1; these devices have firmware updates t...
CVE-2020-14148
The Server-Server protocol implementation in ngIRCd before 26rc2 allows an out-of-bounds access, as demonstrated by the IRCNJOIN function...
Windows SMBv3 Client/Server Denial of Service Vulnerability
A denial of service vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 SMBv3 protocol handles certain requests. An authenticated attacker who successfully exploited this vulnerability against an SMB Server could cause the affected system to crash. An unauthenticated...
Windows SMBv3 Client/Server Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 SMBv3 protocol handles certain requests. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability...
CVE-2020-1206 Windows SMBv3 Client/Server Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 SMBv3 protocol handles certain requests, aka ‘Windows SMBv3 Client/Server Information Disclosure Vulnerability’. Recent assessments: busterb at June 09, 2020 11:49pm UTC reported: Edit: After...
Astsu - A Network Scanner Tool
How it works Scan common ports Send a TCP Syn packet to the destination on the defined port, if the port is open, use an nmap scan to check the service running on the port and prints all the ports found. Discover hosts in network Uses as a base the router's ip to map all possible ips. It then sen...
IBM WebSphere Application Server IIOP Deserialization of Untrusted Data Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the IIOP protocol. The issue results from the lack of proper...
Design/Logic Flaw
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service loss of the ability to establish new connections, as demonstrated by SlowITe...
CVE-2020-13849
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service loss of the ability to establish new connections, as demonstrated by SlowITe...
CVE-2020-10136
IP-in-IP protocol specifies IP Encapsulation within IP standard RFC 2003, STD 1 that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing...
Huawei Products Multiple Security Vulnerabilities in the IKEv2 Protocol Implementation (huawei-sa-20171206-01-ikev2)
Multiple Huawei products are prone to multiple vulnerabilities in the IKEv2 protocol implementation. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Updated kernel packages fix security vulnerability
This update is based on the upstream 5.6.14 kernel and fixes at least the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option CIPSO protocol's catego...
CVE-2020-10711
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option CIPSO protocol's category bitmap into the SELinux extensible bitmap via the' ebitmapnetlblimport' routine. While processing...
Design/Logic Flaw
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations...
FreeBSD-SA-20:12.libalias
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:12.libalias Security Advisory The FreeBSD Project Topic: Insufficient packet length validation in libalias Category: core Module: libalias Announced:...