1155 matches found
Juniper Networks Junos OS Evolved 资源管理错误漏洞
Juniper Networks Junos OS Evolved is an upgraded version of Juniper Networks' Junos OS. A resource management error vulnerability exists in Junos OS Evolved due to an uncontrolled resource consumption vulnerability in the device's ARP daemon and Network Discovery Protocol process, which could all...
PT-2021-5184 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the implementation of the TCP/IP protocol in Microsoft Windows, specifically due to insufficient input validation. This can be exploited by a remote attacker to caus...
PT-2021-4153 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Description: The issue is related to a denial-of-service vulnerability in the implementation of the TCP/IP protocol in the Windows operating system, caused by insufficient input validation. This can...
PT-2021-5194 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Description: The issue is related to a denial-of-service vulnerability in the implementation of the TCP/IP protocol in Microsoft Windows, caused by insufficient input validation. This can be exploit...
EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-2176)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in...
EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2021-2206)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...
UVI-2021-1000712 net: caif: add proper error handling
net: caif: add proper error handling This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.272 by commit a3536dce5895f714d9eead8afb92629a3fb5875b...
USN-5002-1 linux-hwe, linux-gke-5.3, linux-raspi2-5.3 vulnerability
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code...
Stack overflow
curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...
CVE-2021-22898
curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...
CVE-2021-22898
CVE-2021-22898 affects curl before the patch levels that fix TELNET option handling. Specifically, curl 7.7–7.76.1 could disclose information when using the -t option (CURLOPT_TELNETOPTIONS) to send NEW_ENV variables due to a flaw in the option parser that passes uninitialized data from a stack b...
Apple macOS SMB server TREE_CONNECT stack buffer overflow vulnerability
Summary A remote code execution vulnerability exists in the SMB Server Apple macOS 10.15.7. A specially crafted SMB packet can trigger a stack-based buffer overflow, which can lead to arbitrary code execution and denial of service. This vulnerability can be triggered by sending a malicious packet...
Apple macOS SMB server create file request uninitialized memory disclosure
Summary A use of uninitialized data vulnerability exists in the SMB Server Apple macOS 11.2. A specially crafted SMB packet can cause uninitialized data to end up in server reply which can leak sensitive information. This vulnerability can be triggered by sending a malicious packet to the...
[ASA-202106-8] libcurl-gnutls: information disclosure
Arch Linux Security Advisory ASA-202106-8 ========================================= Severity: Medium Date : 2021-06-01 CVE-ID : CVE-2021-22898 Package : libcurl-gnutls Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-1999 Summary ======= The package...
Information Disclosure
curl is vulnerable to information disclosure. The vulnerability exists in -t command line in CURLOPTTELNETOPTIONS because the option parser for sending NEWENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server which allows an attacker to...
CVE-2021-22898
A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text...
CVE-2021-22898
curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...
Vulnerability of the Server component: The Audit Plug-in of the Oracle MySQL Server database management system, which allows attackers to modify, add, or delete data.
The vulnerability of the Server component: The Audit Plug-in of the Oracle MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data using the MySQL network protoco...
The vulnerability of the InnoDB component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the InnoDB component in the Oracle MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the network MySQL protocol...