1155 matches found
CVE-2022-36058
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks historical or actual could encounter a MultiESDTNFTTransfer transaction like this: MultiESDTNFTTransfer with a missing function name. Basic functionality li...
CVE-2022-36058
Elrond-go (github.com/ElrondNetwork/elrond-go) prior to version 1.3.34 is affected by CVE-2022-36058 due to a MultiESDTNFTTransfer call with a missing function name in SC addresses. The issue is confirmed in multiple sources (Red Hat, NVD, OSV, GHSA) and is triggered when processing certain Multi...
Improper Input Validation
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks historical or actual could encounter a MultiESDTNFTTransfer transaction like this: MultiESDTNFTTransfer with a missing function name. Basic functionality li...
The vulnerability of the Web Services sub-component of the Oracle WebLogic Server application server, a software platform of Oracle Fusion Middleware, allows attackers to cause service failures.
The vulnerability of the Web Services sub-component of the Oracle WebLogic Server application server within the Oracle Fusion Middleware software platform exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using...
The vulnerability of the Core component of the Oracle Coherence data processing software platform allows a hacker to trigger a service failure.
The vulnerability of the Core component of the Oracle Coherence data processing software exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures using the specially crafted T3 network protocol...
Ubuntu: Security Advisory (USN-4185-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-1093-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the OSPFv3 network protocol implementation in Cisco NX-OS network operating systems allows a attacker to cause a service failure.
The vulnerability of the OSPFv3 network protocol implementation in Cisco NX-Os network operating systems involves a lack of checks for buffer size and reading beyond the memory limit. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
Honeywell Alerton Ascent Control Module 安全漏洞
The Honeywell Alerton Ascent Control Module is a high performance, BACnet-compliant, integrated building controller and router from USAHoneywell. It can support BACnet/Ethernet, BACnet/IP and BACnet/MSTP. A security vulnerability exists in Honeywell Alerton Ascent Control Module ACM versions...
USN-5513-1: Linux kernel (AWS) vulnerabilities
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 Likang Luo discovered that a race condition existed in the Bluetoo...
The vulnerability of the OSPF network protocol implementation in the microcomputer-based switching devices SCALANCE of the XM-400 and XR-500 series allows a intruder to trigger a service failure.
The vulnerability of the OSPF network protocol implementation in the microcomputer-based switching devices SCALANCE models XM-400 and XR-500 is related to the lack of integrity checks. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
rsyslog: Heap-based overflow in TCP syslog server
A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft a malicious message leading to a heap-based buffer overflow. This issue allows the attacker to corrupt or access data stored in memory, leading to a denial of service in the rsyslog or possible remote code...
Advantech iView 命令注入漏洞
Advantech iView, a Simple Network Protocol SNMP based software from Advantech, China, for managing B B SmartWorx devices, is vulnerable to a command injection vulnerability in versions prior to Advantech iView 5.7.04.6469, which stems from the use of a special element in a command that is not...
Advantech iView SQL注入漏洞
Advantech iView is a software based on Simple Network Protocol SNMP for managing B B SmartWorx devices from Advantech, China. iView is vulnerable to a SQL injection vulnerability, which is caused by a special element used in SQL commands that is not neutralized and can be exploited to obtain...
Advantech iView SQL注入漏洞
Advantech Iview is a Simple Network Protocol SNMP based software from Advantech, China, for managing B B SmartWorx devices. information...
The vulnerability of the Core server component of Oracle WebLogic Server allows a attacker to trigger a service failure.
The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using network T3/IIOP protocols...
The vulnerability of the Core component of the Oracle Coherence data processing software allows a hacker to execute arbitrary code.
The vulnerability of the Core component of the Oracle Coherence software platform exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, using the specially crafted T3 network protocol...
The vulnerability of the Designer sub-component of the Oracle WebCenter Forms Recognition software platform allows a malicious individual to gain unauthorized access to read, modify, or add data, or to cause a service failure.
The vulnerability of the Designer sub-component of the Oracle WebCenter Forms Recognition software platform is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read, modify, or add data, or cause a service...
OpenStack Compute (Nova) Improper Input Validation
The 1 EC2 and 2 OS APIs in OpenStack Compute Nova Folsom 2012.2, Essex 2012.1, and Diablo 2011.3 do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restriction...
GHSA-46R8-9CJ7-PW6G OpenStack Compute (Nova) Improper Input Validation
The 1 EC2 and 2 OS APIs in OpenStack Compute Nova Folsom 2012.2, Essex 2012.1, and Diablo 2011.3 do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restriction...