2877 matches found
CVE-2021-36194
Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests...
Stack overflow
Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests...
CVE-2021-36194
CVE-2021-36194 concerns Fortinet FortiWeb: multiple stack-based buffer overflows in the API controllers may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests. Affected products/versions (per provided data): FortiWeb 6.4.1, 6.4.0, and 6.3.0 through ...
CVE-2021-41017
Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests...
CVE-2021-41017
CVE-2021-41017 describes multiple heap-based buffer overflow vulnerabilities in FortiWeb’s web API controllers (versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15). The underlying issue is heap-based overflow which may allow a remote authenticated attacker to execute arbitrary code or commands via s...
FortiWeb - Reflected cross-site scripting in error controllers
Multiple improper neutralization of input during web page generation ('Cross-site Scripting', CWE-79) vulnerabilities in FortiWeb may allow an unauthenticated user to inject malicious JavaScript code into the response webpage via crafted requests to the device's error handlers...
FortiWeb - Stack-based buffer overflows in API controllers
Multiple stack-based buffer overflows (CWE-121) in the API controllers of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests...
The vulnerabilities of Cisco Application Policy Infrastructure Controller and Cisco Cloud Application Policy Infrastructure Controller, related to insufficient handling of exceptional states, allow attackers to increase their privileges within the system.
The vulnerability of Cisco Application Policy Infrastructure Controller and Cisco Cloud Application Policy Infrastructure Controller lies in the insufficient handling of exceptional states. Exploiting this vulnerability can allow a malicious actor to gain elevated privileges within the system...
Delta Electronics CNCSoft security vulnerability
Delta Electronics CNCSoft is a CNC machine simulation system software from Delta Electronics, China. The software provides high-performance motion control, rich human-machine interface functions, user-friendly operation, high stability to meet the needs of high-speed cutting, and good flexibility...
Design/Logic Flaw
A vulnerability was discovered in the Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows before version 5.8.4, Zoom Client for Meetings for Blackberry for Android and iOS before version 5.8.1, Zoom Client for Meetings for intune for Android and iOS before version 5.8.4, Zoom...
The vulnerability of the microprogrammed logic controller ioLogik’s software, related to deficiencies in the authentication process, allows attackers to escalate their privileges within the system.
The vulnerability of microprogrammed software in programmable logic controllers like ioLogik is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow unauthorized individuals to enhance their privileges within the system through specially crafted requests...
The vulnerability of microprogrammed software in programmable logic controllers like ioLogik, related to deficiencies in access control, allows an intruder to gain access to the device.
The vulnerability of microprogrammed software in programmable logic controllers like ioLogik is related to deficiencies in access control. Exploiting this vulnerability can allow an intruder to gain access to the device...
CVE-2021-38448
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...
KB5008606: Authentication fails on domain controllers in certain Kerberos scenarios on Windows Server 2008 SP2
KB5008606: Authentication fails on domain controllers in certain Kerberos scenarios on Windows Server 2008 SP2. Summary: This update addresses the following issue: Addresses a known issue that might cause authentication failures related to Kerberos tickets you acquired from Service for User to Self...
November 14, 2021—KB5008602 (OS Build 17763.2305) Out-of-band
November 14, 2021—KB5008602 (OS Build 17763.2305) Out-of-band. 11/9/2021 IMPORTANT: Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a preview release (known as a “C” release) for the month of December 2021. There will be a monthly security release know...
KB5008603: Authentication fails on domain controllers in certain Kerberos scenarios on Windows Server 2012 R2
KB5008603: Authentication fails on domain controllers in certain Kerberos scenarios on Windows Server 2012 R2. Summary: This update addresses the following issue: Addresses a known issue that might cause authentication failures related to Kerberos tickets you acquired from Service for User to Self...
November 14, 2021—KB5008601 (OS Build 14393.4771) Out-of-band
November 14, 2021—KB5008601 (OS Build 14393.4771) Out-of-band. 11/9/2021 IMPORTANT: Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a preview release (known as a “C” release) for the month of December 2021. There will be a monthly security release kno...
Intel Ethernet Controllers buffer error vulnerability
Intel Ethernet Controllers is an Ethernet controller from Intel(R) Corporation. A buffer error vulnerability exists in Intel Ethernet controllers. It stems from out-of-bounds writes in firmware for Intel(R) Ethernet 700 Series controllers prior to version 8.2, which may allow a privileged user to potential...
Intel Ethernet Controllers input validation error vulnerability
Intel Ethernet Controllers is an Ethernet controller from Intel Corporation USA. An input validation error vulnerability exists in Intel Ethernet controllers, which stems from improper access control in Intel(R) Ethernet firmware prior to version 1.5.5.6 of the Network Controller E810 that could...