Design/Logic Flaw

A use-after-free vulnerability exists in the mipscollector appsrvserver functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network...

CVE-2022-21806

A use-after-free vulnerability exists in the mipscollector appsrvserver functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network...

kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks...

OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit...

GSD-2022-1000285 Unsafe default configuration values in Nginx version all version

INFORMATIONAL In Nginx, all versions, a number of unsafe default configuration values exists in the web server that can be attacked via the network resulting in disclosure of information and availability. These include but are not limited to: 1. Not enough file descriptors per worker 2. The...

CVE-2021-3773

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks...

CVE-2021-3773

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks...

CVE-2021-3773

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks...

CVE-2021-3773

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks...

OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

Mageia: Security Advisory (MGASA-2015-0255)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

MGASA-2021-0472 Updated grilo packages fix security vulnerability

Michael Catanzaro reported a problem in Grilo, a framework for discovering and browsing media. TLS certificate verification is not enabled on the SoupSessionAsync objects created by Grilo, leaving users vulnerable to network MITM attacks...

SUSE SLED12 / SLES12 Security Update : grilo (SUSE-SU-2021:3003-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3003-1 advisory. - In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it create...

PT-2022-10663

Name of the Vulnerable Software and Affected Versions netfilter affected versions not specified Description A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. Recommendations At the moment,...

ROS-2-1224

2.1224 Vulnerability in firefox browser CVE-2020-6819 and CVE-2020-6820 1. Vulnerability description: Two critical vulnerabilities have been discovered that could lead to the execution of attacker code when processing specially formatted content. It is warned that facts of using these...

Breaking the Security Barrier of a Globally Deployed Infusion Pump

ARCHIVED STORY Overmedicated: Breaking the Security Barrier of a Globally Deployed Infusion Pump By Douglas McKee, Steve Povolny and Philippe Laulheret · August 24, 2021 Cyberattacks on medical centers are one of the most despicable forms of cyber threat there is. For instance, on October 28th,...

Gitlab Grilo信任管理问题漏洞

Gitlab Grilo is a framework for browsing and searching media content from a variety of sources using a single API. A security vulnerability exists in GNOME grilo 0.3.13 and earlier versions, which stems from the program grl-net-wc.c not enabling TLS certificate validation on the SoupSessionAsync...