91 matches found
OESA-2021-1388 aspell security update
GNU Aspell is a spell checker intended to replace Ispell. It can be used as a library and spell checker. Its main feature is that it provides much better suggestions than other inspectors, including Ispell and Microsoft Word. It also has many other technical enhancements to Ispell, such as the us...
Mozilla: DoH did not filter IPv4 mapped IP Addresses
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding...
CVE-2020-11615
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure...
CVE-2020-1632
In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service DoS...
UBUNTU-CVE-2019-18218
cdfreadpropertyinfo in cdf.c in file through 5.37 does not restrict the number of CDFVECTOR elements, which allows a heap-based buffer overflow 4-byte out-of-bounds write...
DEBIAN-CVE-2018-20679
An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components consumed by the DHCP server, client, and relay allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcpgetoption in...
DEBIAN-CVE-2018-6521
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions...
SimpleSAML php Access Restriction Bypass Vulnerability
SimpleSAMLphp is a program written in native PHP to handle authentication. An access restriction bypass vulnerability exists in SimpleSAMLphp before 1.15.2. The vulnerability arises because the sqlauth module in SimpleSAMLphp relies on the MySQL utf8 character set, which truncates queries when it...
Multiple Huawei Products IKEv2 Protocol Memory Out-of-Bounds Access Vulnerability
Huawei IPS Module, NGFW Module, NIP6300/6600 series products and Secospace USG series are the new generation of professional intrusion prevention and firewall products launched by Huawei for enterprise, IDC, campus network and carrier customers. A memory out-of-bounds access vulnerability exists ...
WordPress Cross-Site Scripting Vulnerability (CNVD-2015-05150)
WordPress is a blogging platform developed using the PHP language. A cross-site scripting vulnerability exists in WordPress versions prior to 4.1.2, which can be exploited by remote attackers to inject arbitrary web script or HTML with the help of four-byte UTF-8 characters or invalid characters...
security flaw
The rsvpprint function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service infinite loop via a crafted RSVP packet of length 4...