The vulnerability of the miniz data compression library, related to integer overflow, allows attackers to cause service failures.

The vulnerability of the miniz data compression library is related to integer overflows during the processing of file headers. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

The vulnerability of the SonicOS operating system arises due to a boundary error in processing the HTTP-response header SessionID, allowing an attacker to execute arbitrary code.

The vulnerability of the SonicOS operating system is caused by an overflow in the stack buffer. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...

CVE-2022-29465

An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

grub2: Out-of-bound write when handling split HTTP headers

A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a maliciou...

GSD-2022-1002524 input validation (CWE-20) in Elastic Load Balancer (ELB) version ELB prior to 2022-01-29 when "Legacy cache settings" is enabled

In Amazon Elastic Load Balancer ELB prior to 2022-01-29 when "Legacy cache settings" is enabled an input validation CWE-20 vulnerability exists in the HTTP Header processing that can be attacked via the network using a trailing space in the requests resulting in HTTP Header Smuggling...

Design/Logic Flaw

go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0...

The vulnerability of microprogrammed software for controllers CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus relates to errors in processing ICMP packet headers. This vulnerability allows attackers to gain access to protected information or cause service interruptions.

The vulnerability of microprogrammed software for controllers CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus is related to errors in processing ICMP packet headers. Exploiting this vulnerability can allow a remote attacker to gain access to protected...

The vulnerability of microprogrammed software for controllers CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus relates to errors in processing TCP packet headers. This vulnerability allows attackers to gain access to protected information or cause service interruptions.

The vulnerability of microprogrammed software for controllers CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus is related to errors in processing the TCP header. Exploiting this vulnerability can allow an attacker to gain access to protected informatio...

SUSE-SU-2021:3672-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2021-30640: Escape parameters in JNDI Realm queries bsc1188279. - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients bsc1188278. - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet...

CVE-2021-31401

An issue was discovered in tcprcv in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field header length + data length. With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is...

Integer overflow

An issue was discovered in tcprcv in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field header length + data length. With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is...

Unspecified Vulnerability in Accusoft ImageGear (CNVD-2021-41083)

Accusoft ImageGear is a software development kit SDK for image processing from Accusoft, USA. A security vulnerability exists in Accusoft ImageGear versions 19.8 and 19.9, which stems from an out-of-bounds write vulnerability in the program's JPG comp header processing functionality that can be...

Accusoft ImageGear缓冲区错误漏洞

Accusoft ImageGear is a software development kit SDK for image processing from Accusoft, USA. A security vulnerability exists in Accusoft ImageGear versions 19.8 and 19.9, which stems from an out-of-bounds write vulnerability in the program's JPG comp header processing functionality that can be...

PT-2021-16738 · Unknown · Capital Embedded Ar Classic +3

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions all Capital Embedded AR Classic R20-11 versions all through V2303 Nucleus NET versions all Nucleus ReadyStart V3 versions all through V2017.02.4 Nucleus ReadyStart V4 versions all through V4.1.0...

CVE-2021-21773

An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2020-13585

An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

Accusoft ImageGear PSD Header processing out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.8...

The vulnerability of the Snort intrusion detection system, related to errors in processing HTTP headers, allows a perpetrator to bypass the configured file policy for HTTP.

The vulnerability of the Snort intrusion detection system is related to errors in processing HTTP headers. Exploiting this vulnerability allows a malicious actor to bypass the configured file policy for HTTP requests...

The vulnerability of the Adobe Flash Player in the Google Chrome web browser allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Adobe Flash Player in the Google Chrome web browser exists due to incorrect processing of the HTTP Origin header. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...

uIP-Contiki-OS 输入验证错误漏洞

Contiki is an open source, highly portable, networked multitasking operating system for memory-constrained systems. An infinite loop vulnerability exists in rplremoveheader in net/rpl/rpl-ext-header.c in the uIP TCP/IP stack component in Contiki 3.0 and earlier when processing RPL extended header...