50 matches found

CNNVD
added 2026/06/04 12:0 a.m. | 2 views

ALLPlayer Security Vulnerability

ALLPlayer is a multimedia player developed by ALLPlayer Corporation. Version 7.4 of ALLPlayer contains a security vulnerability, which stems from a local buffer overflow in URL processing. This vulnerability could allow attackers to overwrite structured exception handling by providing overly long...

CVSS 8.6 | AI score 5.7 | EPSS 0.00148
Exploits: 0 | References: 4

CNNVD
added 2026/05/28 12:0 a.m. | 7 views

Sensorweb ScadaBR Security Vulnerability

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation, designed for developing automated data acquisition and monitoring applications. Sensorweb ScadaBR has a security vulnerability, which stems from a reflected cross-site scripting issue in URL processing...

CVSS 6.1 | AI score 5.6 | EPSS 0.00158
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/30 12:0 a.m. | 2 views

PT-2026-29059

In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to...

AI score 6 | EPSS 0.00268
Exploits: 1 | References: 3

Cvelist
added 2025/08/30 1:47 p.m. | 8 views

CVE-2009-20008 Green Dam 3.17 URL Processing Buffer Overflow

Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fixed-size buffer. A remote attacker can...

CVSS 8.6 | EPSS 0.00847
Exploits: 0 | References: 6

CNNVD
added 2025/08/29 12:0 a.m. | 3 views

Facebook WhatsApp Security Vulnerability

Facebook WhatsApp is a suite of mobile applications from Facebook Inc. in the United States that are based on the Android platform and utilize the network to deliver text messages. The application uses contact information in a smartphone to find contacts using the software to send texts, pictures...

CVSS 5.4 | AI score 6.8 | EPSS 0.04116
Exploits: 1 | References: 4

RedhatCVE
added 2025/05/23 12:50 a.m. | 4 views

CVE-2022-24700

An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash) via a malicious AX.25 packet over the air. NOTE: This vulnerability only affects products that are no longer supported by...

CVSS 7.5 | AI score 7.4 | EPSS 0.01656
Exploits: 1 | References: 1

VulnCheck KEV
added 2025/05/14 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2025-2776

SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...

CVSS 9.8 | AI score 5.8 | EPSS 0.72971
Exploits: 2 | References: 1

CNNVD
added 2025/04/07 12:0 a.m. | 2 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets, which originates from memory corruption due to unverified processing of addresses by TME...

CVSS 7.8 | AI score 6.9 | EPSS 0.00089
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-0286

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the...

CVSS 7.4 | AI score 7.7 | EPSS 0.61979
Exploits: 0 | References: 3

Tenable Nessus
added 2024/09/09 12:0 a.m. | 34 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.423)

The version of AHV installed on the remote host is prior to 20220304.423. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.423 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via...

CVSS 8.8 | AI score 8 | EPSS 0.61979
Exploits: 3 | References: 4

Tenable Nessus
added 2024/07/03 12:0 a.m. | 17 views

CBL Mariner 2.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl / rust (CVE-2023-0286)

The version of cloud-hypervisor / edk2 / hvloader / openssl / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0286 advisory. - There is a type confusion vulnerability relating to X.400 addres...

CVSS 7.4 | AI score 8 | EPSS 0.61979
Exploits: 0 | References: 2

Microsoft CVE
added 2024/04/08 12:0 a.m. | 2 views

CVE-2022-3854

...

CVSS 6.5 | AI score 6.4 | EPSS 0.00564
Exploits: 0

BDU FSTEC
added 2024/02/06 12:0 a.m. | 1 views

A vulnerability in the ModSecurity web application security module arises from insufficient validation of input data. This allows attackers to bypass WAF rules.

A vulnerability in the ModSecurity web application security module exists due to insufficient validation of input data when processing URL addresses. Exploiting this vulnerability can allow a malicious actor to bypass WAF rules...

CVSS 8.6 | AI score 7.5 | EPSS 0.00682
Exploits: 0 | References: 5 | Affected Software: 4

Tenable Nessus
added 2023/12/07 12:0 a.m. | 27 views

Oracle Linux 7 : edk2 (ELSA-2023-13026)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-13026 advisory. - Create new 20230821 release for OL8 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following...

CVSS 10 | AI score 7.3 | EPSS 0.95764
Exploits: 17 | References: 5

BDU FSTEC
added 2023/10/23 12:0 a.m. | 2 views

A vulnerability in Juniper Networks JunOS Evolved routers of the PTX10001, PTX10004, PTX10008, and PTX10016 series stems from deficiencies in the data source verification mechanism. This allows attackers to trigger a system reboot.

A vulnerability in Juniper Networks JunOS Evolved routers of the PTX10001, PTX10004, PTX10008, and PTX10016 series stems from defects in the mechanism for verifying data sources during MAC address processing. Exploiting this vulnerability allows a malicious actor to trigger a system reboot...

CVSS 6.1 | AI score 5.9 | EPSS 0.00166
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2023/10/11 12:0 a.m. | 1 views

A vulnerability in the firmware of the D-Link DSL-3782 router allows an attacker to execute arbitrary code.

A vulnerability in the firmware of the D-Link DSL-3782 router is related to a failure to protect the structure of the web page when the router processes IP address fields. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 9 | AI score 8 | EPSS 0.20525
Exploits: 1 | References: 3 | Affected Software: 1

Tenable Nessus
added 2023/09/29 12:0 a.m. | 14 views

ABB RTU500 Series, AFS series and M2M Gateway Type Confusion in embedded OpenSSL (CVE-2023-0286)

A vulnerability exists in OpenSSL that affects the RTU500 Series product versions listed below. RTU500 series CMU Firmware versions: 12.0.1 – 12.0.15, 12.2.1 – 12.2.12, 12.4.1 – 12.4.12, 12.6.1 – 12.6.9, 12.7.1 – 12.7.6, 13.2.1 – 13.2.6, 13.3.1 – 13.3.3, 13.4.2. M2M Gateway ARM600:...

CVSS 7.4 | AI score 7.9 | EPSS 0.61979
Exploits: 0 | References: 11

OpenVAS
added 2023/07/31 12:0 a.m. | 28 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-2464)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.4 | EPSS 0.61979
Exploits: 0 | References: 2

Tenable Nessus
added 2023/07/04 12:0 a.m. | 27 views

EulerOS 2.0 SP11 : shim (EulerOS-SA-2023-2301)

According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an...

CVSS 7.4 | AI score 8 | EPSS 0.61979
Exploits: 0 | References: 2

Tenable Nessus
added 2023/06/23 12:0 a.m. | 44 views

F5 Networks BIG-IP : OpenSSL vulnerability (K000132941)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000132941 advisory. There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName...

CVSS 7.4 | AI score 8 | EPSS 0.61979
Exploits: 0 | References: 2