108 matches found
CVE-2023-33985
SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting XSS vulnerability, therefore changing the scope of the attack. On successful exploitation, an attacker can view or modify information...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that results in a denial of service due to a reachable assertion in the modem when processing a sib with an incorrect value from the network...
PT-2023-7985 · One Identity +3 · Syslog-Ng +5
Name of the Vulnerable Software and Affected Versions: One Identity syslog-ng versions 3.0 through 3.37 syslog-ng Premium Edition version 7.0.30 syslog-ng Store Box version 6.10.0 Description: The issue is related to an integer overflow in the RFC3164 parser, which can be exploited by remote...
OESA-2022-1672 rsyslog security update
RSYSLOG is the rocket-fast system for log processing.It offers high-performance, great security features and a modular design. While it started as a regular syslogd, rsyslog has evolved into a kind of swiss army knife of logging, being able to accept inputs from a wide variety of sources, transfo...
多款AVEVA产品安全漏洞
AVEVA InTouch is an open and extensible HMI from AVEVA UK with intuitive graphical animation and scripting capabilities that provide incredible functionality and flexibility for application designers. A command injection vulnerability exists in AVEVA InTouch. The vulnerability stems from a failur...
CVE-2021-22802
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...
AutoTrace 输入验证错误漏洞
AutoTrace is a set of software for converting bitmap files Bitmap to vector files Vector. An input validation error vulnerability exists in Autotrace version 0.31.1, which arises from a networked system or product that does not properly validate incoming data. No detailed vulnerability details ar...
Intel Ethernet Controllers Input Validation Error Vulnerability
Intel Ethernet Controllers is an Ethernet controller from Intel Corporation USA. An input validation error vulnerability exists in the Intel 700-series of Ethernet Controllers that arises from a network system or product that does not properly validate input data...
Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option CIPSO protocol's category bitmap into the SELinux extensible bitmap via the' ebitmapnetlblimport' routine. While processing the CIPSO restricted...
FreeRDP Buffer Overflow Vulnerability (CNVD-2020-31440)
FreeRDP is an open source implementation of the Remote Desktop Protocol RDP from the FreeRDP team. A buffer overflow vulnerability exists in the 'irp' function in versions of FreeRDP prior to 2.1.0. The vulnerability stems from a networked system or product performing operations on memory without...
Command Injection Vulnerability in Multiple NETGEAR Products (CNVD-2021-50928)
NETGEAR EX7000 and others are products of NETGEAR Corporation.NETGEAR EX7000 is a wireless network signal extender.NETGEAR R8500 is a wireless router.NETGEAR D6400 is a wireless modem.NETGEAR R8500 is a wireless router.NETGEAR R8500 is a wireless router.NETGEAR R8500 is a wireless router.NETGEAR...
PT-2020-2599
Name of the Vulnerable Software and Affected Versions Java SE versions 11.0.6 and 14 Description The issue is related to insufficient input validation in the JSSE component of Oracle Java SE. It allows an unauthenticated attacker with network access via HTTPS to compromise Java SE, resulting in...
CVE-2019-0196
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...
TaskCanvas Denial of Service Vulnerability
TaskCanvas is a program that tracks computer usage. TaskCanvas suffers from a denial of service vulnerability that arises from a networked system or product that does not properly validate incoming data, which could be exploited by an attacker to cause a denial of service condition that denies...
Linux kernel buffer overflow vulnerability (CNVD-2020-00513)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A buffer error vulnerability exists in Linux kernel version 5.0.0-rc7. The vulnerability arises from a networked system or product performing operations in memory...
Open TFTP Server SP Formatting String Error Vulnerability
Open TFTP Server SP is a file transfer server. A formatting string error vulnerability exists in the 'logMess' function in TFTP Server SP version 1.66 and earlier. The vulnerability originates from a network system or product that receives external formatted strings as parameters with lax filteri...
GraphicsMagick 'EncodeImage' function buffer overflow vulnerability
GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A buffer overflow vulnerability exists in the 'EncodeImage' function of the coders/pict.c file in GraphicsMagick. The vulnerability stems from a networked...
Linux kernel buffer overflow vulnerability (CNVD-2019-44513)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A buffer overflow vulnerability exists in Linux kernel version 5.0.21. The vulnerability arises from a networked system or product performing operations in memory...
LEAD Technologies LEADTOOLS Heap Overflow Vulnerability
LEAD Technologies LEADTOOLS is an image processing development kit from LEAD Technologies. A buffer error vulnerability exists in the JPEG2000 parsing functionality in LEAD Technologies LEADTOOLS. The vulnerability originates when a networked system or product performs an operation on memory...
Apache HTTP Server Memory Access Vulnerability - Linux
Apache HTTP Server is prone to a memory access vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver";...