| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file. |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault). |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak. |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault). |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault). |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak. |
| FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). |
| Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device. |
| Transient DOS while parsing ESP IE from beacon/probe response frame. |
| Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report. |
| Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. |
| Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame. |
| Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp. |
| Transient DOS while processing TID-to-link mapping IE elements. |
| Transient DOS while parsing the received TID-to-link mapping action frame. |
| The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. |
| Transient DOS while parsing BTM ML IE when per STA profile is not included. |
| Transient DOS while processing the CU information from RNR IE. |
| Information disclosure while parsing the multiple MBSSID IEs from the beacon. |
| Transient DOS while parsing ESP IE from beacon/probe response frame. |
