Page 2 of 11 results (0.011 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. Los atacantes adyacentes a la red podían usar gdhcp en ConnMan versiones anteriores a 1.39, para filtrar información confidencial de la pila, lo que permitiría una mayor explotación de los errores en gdhcp • https://bugzilla.suse.com/show_bug.cgi?id=1181751 https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 https://git.kernel.org/pub/scm/network/connman/connman.git/tree/ChangeLog https://kunnamon.io/tbone https://lists.debian.org/debian-lts-announce/2021/02/msg00013.html https://security.gentoo.org/glsa/202107-29 https://www.debia •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. Un desbordamiento de búfer en la región stack de la memoria en dnsproxy en ConnMan versiones anteriores a 1.39, podría ser usado por atacantes adyacentes a la red para ejecutar código • https://bugzilla.suse.com/show_bug.cgi?id=1181751 https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb https://git.kernel.org/pub/scm/network/connman/connman.git/tree/ChangeLog https://kunnamon.io/tbone https://lists.debian.org/debian-lts-announce/2021/02/msg00013.html https://security.gentoo.org/glsa/202107-29 https://www.debian.org/security/2021/dsa-4847 https://www.openwall.com/lists/oss-security/2021/02/08/2 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 0

Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. Un desbordamiento de búfer basado en pila en "dnsproxy.c" en connman 1.34 y anteriores permite que atacantes remotos provoquen una denegación de servicio (bloqueo) o ejecuten código arbitrario mediante una cadena de consulta de respuesta manipulada pasada a la variable "name". • http://www.debian.org/security/2017/dsa-3956 http://www.securityfocus.com/bid/100498 https://01.org/security/intel-oss-10001/intel-oss-10001 https://bugzilla.redhat.com/show_bug.cgi?id=1483720 https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71 https://security.gentoo.org/glsa/201812-02 https://www.nri-secure.com/blog/new-iot-vulnerability-connmando • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 1%CPEs: 168EXPL: 0

The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply. El bucle de retorno plug-in en ConnMan antes v0.85 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres en (1) el nombre de host o (2) en nombre de dominio en una respuesta DHCP. • http://git.kernel.org/?p=network/connman/connman.git%3Ba=commit%3Bh=26ace5c59f790bce0f1988b88874c6f2c480fd5a http://git.kernel.org/?p=network/connman/connman.git%3Ba=commit%3Bh=a5f540db7354b76bcabd0a05d8eb8ba2bff4e911 http://secunia.com/advisories/49033 http://secunia.com/advisories/49186 http://security.gentoo.org/glsa/glsa-201205-02.xml http://www.openwall.com/lists/oss-security/2012/05/07/10 http://www.openwall.com/lists/oss-security/2012/05/07/2 http://www.openwall.com/lists/oss-securi • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 8%CPEs: 84EXPL: 0

ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted netlink message. ConnMan antes 0.85 no garantiza que los mensajes netlink se originen en el núcleo, lo que permite a atacantes remotos eludir restricciones de acceso y provocar una denegación de servicio a través de un mensaje netlink modificado. • http://git.kernel.org/?p=network/connman/connman.git%3Ba=commit%3Bh=b0ec6eb4466acc57a9ea8be52c17b674b6ea0618 http://git.kernel.org/?p=network/connman/connman.git%3Ba=commit%3Bh=c1b968984212b46bea1330f5ae029507b9bfded9 http://secunia.com/advisories/49033 http://secunia.com/advisories/49186 http://security.gentoo.org/glsa/glsa-201205-02.xml http://www.openwall.com/lists/oss-security/2012/05/07/10 http://www.openwall.com/lists/oss-security/2012/05/07/2 http://www.openwall.com/lists/oss-securi • CWE-264: Permissions, Privileges, and Access Controls •