4 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 385EXPL: 1

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que el flag A-MSDU en el campo de encabezado QoS de texto plano esté autenticada. Contra dispositivos que admiten la recepción de tramas A-MSDU que no son SSP (que es obligatorio como parte de 802.11n), un adversario puede abusar de esto para inyectar paquetes de red arbitrarios A flaw was found in the Linux kernels wifi implementation. An attacker within wireless broadcast range can inject custom data into the wireless communication circumventing checks on the data. • http://www.openwall.com/lists/oss-security/2021/05/11/12 https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu https: • CWE-20: Improper Input Validation CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 7.5EPSS: 1%CPEs: 33EXPL: 1

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application. Apache Cordova 3.3.0 y anteriores y Adobe PhoneGap 2.9.0 y anteriores en Windows Phone 7 y 8 no restringen debidamente eventos de navegación, lo que permite a atacantes remotos evadir restricciones "device-resource" a través de contenido que es accedido (1) en un elemento IFRAME o (2) con el método XMLHttpRequest mediante una aplicación manipulada. • http://openwall.com/lists/oss-security/2014/02/07/9 http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt http://seclists.org/bugtraq/2014/Jan/96 http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf http://www.internetsociety.org/ndss2014/programme#session3 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.9EPSS: 12%CPEs: 2EXPL: 0

Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate. Microsoft Windows Phone 7 no comprueba el nombre de dominio en el campo nombre común(CN) del sujeto en un certificado X.509, lo que permite ataques hombre-en-el-medio (MITM) falseando un servidor SSL para los protocolos (1) POP3, (2) IMAP, o (3) SMTP a través válidos de su elección. • http://osvdb.org/85619 http://www.kb.cert.org/vuls/id/389795 http://www.securityfocus.com/bid/55569 http://www.securitytracker.com/id?1027541 https://exchange.xforce.ibmcloud.com/vulnerabilities/78620 • CWE-295: Improper Certificate Validation •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351. Desbordamiento de búfer en SJ Labs SJphone 1.60.303c, al ejecutarse bajo Windows Mobile 2003 en el teléfono Samsung SCH-i730, permite a atacantes remotos provocar una denegación de servicio (cuelgue del dispositivo y terminación de la llamada) mediante mensajes SIP INVITE mal formados, una vulnerabilidad diferente de CVE-2007-3351. • http://osvdb.org/45404 http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=216& https://exchange.xforce.ibmcloud.com/vulnerabilities/35076 •