Page 2 of 12 results (0.012 seconds)

CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 1

An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. Se ha detectado un problema en el proxy DNS en Connman versiones hasta 1.40. La función forward_dns_reply maneja inapropiadamente una llamada a strnlen, conllevando a una lectura fuera de límites • https://git.kernel.org/pub/scm/network/connman/connman.git/log https://lists.debian.org/debian-lts-announce/2022/02/msg00009.html https://security.gentoo.org/glsa/202310-21 https://www.debian.org/security/2022/dsa-5231 https://www.openwall.com/lists/oss-security/2022/01/25/1 • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. Los atacantes adyacentes a la red podían usar gdhcp en ConnMan versiones anteriores a 1.39, para filtrar información confidencial de la pila, lo que permitiría una mayor explotación de los errores en gdhcp • https://bugzilla.suse.com/show_bug.cgi?id=1181751 https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 https://git.kernel.org/pub/scm/network/connman/connman.git/tree/ChangeLog https://kunnamon.io/tbone https://lists.debian.org/debian-lts-announce/2021/02/msg00013.html https://security.gentoo.org/glsa/202107-29 https://www.debia •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. Un desbordamiento de búfer en la región stack de la memoria en dnsproxy en ConnMan versiones anteriores a 1.39, podría ser usado por atacantes adyacentes a la red para ejecutar código • https://bugzilla.suse.com/show_bug.cgi?id=1181751 https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb https://git.kernel.org/pub/scm/network/connman/connman.git/tree/ChangeLog https://kunnamon.io/tbone https://lists.debian.org/debian-lts-announce/2021/02/msg00013.html https://security.gentoo.org/glsa/202107-29 https://www.debian.org/security/2021/dsa-4847 https://www.openwall.com/lists/oss-security/2021/02/08/2 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 0

Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. Un desbordamiento de búfer basado en pila en "dnsproxy.c" en connman 1.34 y anteriores permite que atacantes remotos provoquen una denegación de servicio (bloqueo) o ejecuten código arbitrario mediante una cadena de consulta de respuesta manipulada pasada a la variable "name". • http://www.debian.org/security/2017/dsa-3956 http://www.securityfocus.com/bid/100498 https://01.org/security/intel-oss-10001/intel-oss-10001 https://bugzilla.redhat.com/show_bug.cgi?id=1483720 https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71 https://security.gentoo.org/glsa/201812-02 https://www.nri-secure.com/blog/new-iot-vulnerability-connmando • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 1%CPEs: 168EXPL: 0

The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply. El bucle de retorno plug-in en ConnMan antes v0.85 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres en (1) el nombre de host o (2) en nombre de dominio en una respuesta DHCP. • http://git.kernel.org/?p=network/connman/connman.git%3Ba=commit%3Bh=26ace5c59f790bce0f1988b88874c6f2c480fd5a http://git.kernel.org/?p=network/connman/connman.git%3Ba=commit%3Bh=a5f540db7354b76bcabd0a05d8eb8ba2bff4e911 http://secunia.com/advisories/49033 http://secunia.com/advisories/49186 http://security.gentoo.org/glsa/glsa-201205-02.xml http://www.openwall.com/lists/oss-security/2012/05/07/10 http://www.openwall.com/lists/oss-security/2012/05/07/2 http://www.openwall.com/lists/oss-securi • CWE-20: Improper Input Validation •