Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unit parameter in print-customoid.php. PoC Pass in a unit parameter value, when...

LibreNMS 跨站脚本漏洞

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. LibreNMS suffers from a cross-site scripting vulnerability that originates from a stored...

net-snmp: A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access

A flaw was found in net-snmp. A malformed OID in a SET request to the SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access issue...

net-snmp: A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference.

A flaw was found in net-snmp. A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference issue...

net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference

A flaw was found in net-snmp. A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference issue...

net-snmp: A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference.

A flaw was found in net-snmp. A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference issue...

net-snmp: A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access

A flaw was found in net-snmp. A malformed OID in a SET request to the SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access issue...

net-snmp: A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.

A flaw was found in net-snmp. A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference issue...

Apex Softcell LD Geo 安全漏洞

Apex Softcell LD Geo is an application from Apex Softcell. Apex Softcell LD Geo has a security vulnerability that originates from is improper validation of certain parameters Client ID, DPID, and BOID in the API endpoint. An attacker could exploit this vulnerability to obtain sensitive informatio...

The vulnerability of the nsVacmAccessTable() function in the OID Handler component of the Linux operating system’s software suite allows a attacker to compromise data integrity.

The vulnerability of the nsVacmAccessTable function in the OID Handler component of the Net-SNMP software suite for the Linux operating system is related to the assignment of the NULL pointer. Exploitation of this vulnerability could allow an attacker to compromise data integrity...

CVE-2024-34702

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints...

CVE-2024-34703

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameter...

ALPINE-CVE-2022-24810

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong...

Denial Of Service (DoS)

phpseclib/phpseclib is vulnerable to a Denial Of Service DoS. The vulnerability is due to a flaw in processing the ASN.1 object identifier of a certificate in ASN1.php file, where providing a sub identifier may lead to denial of service due to excessive CPU consumption during the decodeOID...

CVE-2024-27355

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...

DEBIAN-CVE-2024-27355

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...

Design/Logic Flaw

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...

UBUNTU-CVE-2024-27355

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...

OESA-2024-1223 shim security update

Initial UEFI bootloader that handles chaining to a trusted full \ bootloader under secure boot environments. Security Fixes: Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate...

CVE-2024-27355

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...