Dell Wyse ThinOS 安全漏洞

Wyse ThinOS is a highly secure, virus-resistant thin operating system. An insecure default configuration vulnerability exists in Wyse ThinOS 8.6 and earlier versions. An attacker could exploit the vulnerability to access sensitive information on the local network...

CVE-2020-35909

An issue was discovered in the multihash crate before 0.11.3 for Rust. The fromslice parsing code can panic via unsanitized data from a network server...

IBM Cloud Pak for Security Information Disclosure Vulnerability (CNVD-2020-68253)

IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. An information disclosure vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. An attacker could exploit the vulnerability via a...

Visualizing Network Traffic Data to Drive Action

Top 5 multi group queries for analyzing network sensor data We launched the Insight Network Sensor earlier this year and have since seen great adoption from both new and existing customers. The main use case behind this success is the need for network visibility. Customers want to know what is...

Design/Logic Flaw

A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-downloadfiles of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects:...

CVE-2020-17397

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

OSV-2020-413 Stack-buffer-overflow in ot::NetworkData::NetworkDataTlv::GetNext

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14401 Crash type: Stack-buffer-overflow READ 1 Crash state: ot::NetworkData::NetworkDataTlv::GetNext ot::NetworkData::Leader::IsStableUpdated ot::NetworkData::Leader::RegisterNetworkData...

ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c

A flaw was found in several functions of the IPMItool, where it failed to check data received from a LAN properly. An attacker could use this flaw to craft payloads, which can lead to a buffer overflow and also cause memory corruption, a denial of service, and remote code execution...

Logic Flaw Vulnerability in ColossusCoinXT

ColossusCoinXT is a virtual currency. An input validation vulnerability exists in ColossusCoinXT version 1.0.5 and earlier, which arises from a network system or product that does not properly validate incoming data. An attacker could exploit this vulnerability to conduct an input validation...

Bitcoin Core version 0.15.1 buffer overflow

Bitcoin is an e-currency created with open source P2P software. A buffer error vulnerability exists in bitcoind and Bitcoin-Qt versions prior to 0.15.1. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resultin...

CVE-2020-11102

An out-of-bounds access flaw was found in the Tulip NIC emulator built into QEMU. This flaw occurs while copying network data to and from its tx/rx frame buffers, as it does not check frame size against the data length. This flaw allows a remote user or process to crash the QEMU process, resultin...

Red Hat Wildfly Encryption Problem Vulnerability

Red Hat Wildfly is the United States Red Hat Red Hat, Inc. of a lightweight JavaEE-based open source application server . A security vulnerability exists in Red Hat Wildfly used with the OpenSSL security provider that stems from a program failing to enforce the 'enabled-protocols' setting of the...

Corel Parallels Desktop IOCTL handler input validation error vulnerability

Corel Parallels Desktop is a suite of virtual machine software from Corel Canada for the macOS platform.IOCTL handler is one of the system call handlers dedicated to device input and output operations. An input validation error vulnerability exists in the IOCTL handler in Corel Parallels Desktop...

Ken Silverman Build Engine Buffer Overflow Vulnerability

Ken Silverman Build Engine is a first person shooter game engine. A buffer overflow vulnerability exists in Ken Silverman Build Engine version 1. The vulnerability arises when a networked system or product performs an operation in memory without properly validating data boundaries, resulting in...

IBM MQ Appliance Input Validation Error Vulnerability

The IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from IBM USA. An input validation error vulnerability exists in the IBM MQ Appliance. The vulnerability originates from a network system or product that does not properly validate incomin...

Lustre ptlrpc module buffer overflow vulnerability (CNVD-2020-07304)

Lustre is a parallel distributed file system typically used in large computer clusters and supercomputers, of which Lustre ptlrpc is a module. A buffer overflow vulnerability exists in the Lustre ptlrpc module. The vulnerability stems from a networked system or product performing operations in...

Nfstream - A Flexible Network Data Analysis Framework

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python...

libsixel buffer overflow vulnerability (CNVD-2020-12707)

libsixel is a package that provides encoding/decoding implementations for DEC SIXEL graphics and other converter programs. A buffer overflow vulnerability exists in the 'loadsixel' function of the loader.c file in libsixel version 1.8.2, which originates when a networked system or product perform...

Libyang Buffer Overflow Vulnerability

libyang is a YANG data modeling language parser and toolkit written in C. It can be used as a toolkit for data modeling. A buffer overflow vulnerability exists in versions prior to libyang 1.0-r5. The vulnerability stems from a networked system or product that performs operations in memory withou...

Input Validation Error Vulnerability in Multiple Qualcomm Products (CNVD-2020-16053)

Qualcomm MDM9607 and others are products of Qualcomm Incorporated Qualcomm, U.S.A. The MDM9607 is a central processing unit CPU product.The MSM8996AU is a central processing unit CPU product.The QCA6574AU is a central processing unit CPU product.The QCA6574AU is a central processing unit CPU...