MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service
This vulnerability exists in Milesight Video Management Systems (VMS), all firmware versions prior to 40.7.0.79-r1, due to improper input handling at the camera's web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to the targeted network camera. Successful exploitation of this vulnerability could allow the attacker to cause a Denial of Service condition on the targeted device.
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the targeted device. Successful exploitation of this vulnerability could allow a remote attacker to perform unauthorized activities on the targeted device.
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
Remote Procedure Call Runtime Denial of Service Vulnerability
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.
Windows iSCSI Service Denial of Service Vulnerability
Transient DOS while processing a frame with malformed shared-key descriptor.
Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability
Windows Secure Channel Denial of Service Vulnerability
Transient DOS while parsing WLAN beacon or probe-response frame.
Transient DOS in WLAN Firmware while parsing FT Information Elements.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.
Transient DOS while processing the CU information from RNR IE.
Transient DOS may occur while parsing extended IE in beacon.
Transient DOS may occur while parsing EHT operation IE or EHT capability IE.
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.
Transient DOS while processing the EHT operation IE in the received beacon frame.
Transient DOS may occur while processing malformed length field in SSID IEs.
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.
Transient DOS may occur while parsing SSID in action frames.
Transient DOS while parsing per STA profile in ML IE.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Transient DOS while processing received beacon frame.
Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.
RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
Transient DOS while handling beacon frames with invalid IE header length.
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
Transient DOS in WLAN Firmware while processing frames with missing header fields.
A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service.
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is a non-zero value but the end of the beacon has been reached.
Transient DOS while parsing SCAN RNR IE when the bytes received from the AP are such that the size of the last param of the IE is less than the neighbor report.
Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0.
Transient DOS while parsing ESP IE from beacon/probe response frame.
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
Transient DOS while parsing the received TID-to-link mapping action frame.
Transient DOS while parsing the noninheritance IE of the Extension element in a beacon frame when the length of the IE is 2.
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
Transient DOS while parsing ESP IE from beacon/probe response frame.
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.
Transient DOS while parsing probe response and assoc response frames when the received frame length is less than the max size of the timestamp.