Page 130 of 38509 results (0.046 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file • https://gitlab.com/wireshark/wireshark/-/issues/19943 https://www.wireshark.org/security/wnpa-sec-2024-11.html • CWE-825: Expired Pointer Dereference

CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0

A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in a DHCPv6 RELAY-REPLY message. ... A successful exploit could allow the attacker to cause the dhcp_snoop process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dhcp6-relay-dos-znEAA6xn • CWE-476: NULL Pointer Dereference •

CVSS: 6.7EPSS: 0%CPEs: 84EXPL: 0

Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service. • https://www.dell.com/support/kbdoc/en-us/000217981/dsa-2023-362-security-update-for-dell-dock-firmware-and-dell-client-platform-for-an-improper-link-resolution-vulnerability • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. ... For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks. • https://gist.github.com/Swind1er/84161b607d06d060fba5adcdd92bceb4 • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. ... This can be further exploited to execute arbitrary commands or launch denial-of-service attacks. • https://gist.github.com/Swind1er/02f6cb414e440c34878f20fef756e286 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •