165 matches found
Mozilla Firefox Security Advisory (MFSA2012-39) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...
openssl: NULL pointer dereference in X509_issuer_and_serial_hash()
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However, it fails to correctly handle any errors that may occur while parsing the issuer field, which might occur if the...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI, which arises from a user inputting constructed commands, dat...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI, which arises from a user inputting constructed commands, dat...
Trane Tracer SC Security Vulnerability
Trane Tracer SC is an intelligent field panel from Trane Australia that communicates with unit controllers LON or BACnet to provide independent control of HVAC equipment. A security vulnerability exists in the Trane Tracer SC that arises from a lack of proper validation of user input data by a...
Zope Injection Vulnerability
Zope is a set of open source object-oriented web application servers written in the Python language by the Zope community. An injection vulnerability exists in Zope AccessControl. The vulnerability stems from a lack of proper validation of user input data by a web system or product during the...
SUSE: Security Advisory (SUSE-SU-2021:2320-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Medium: openssl
Issue Overview: Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1...
CVE-2021-23841
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However, it fails to correctly handle any errors that may occur while parsing the issuer field, which might occur if the...
CITSmart Injection Vulnerability
CITSmart is an application from CITSmart Portugal. It provides all the processes for designing an organization. An injection vulnerability exists in CITSmart versions prior to 9.1.2.23, which arises from a lack of proper validation of user input data by a networked system or product during the...
Is-user-valid Injection Vulnerability
An injection vulnerability exists in Is-user-valid, which arises when, during the course of a user input operation to construct a command, data structure, or record, the network system or product lacks proper validation of the user input data, and fails to filter, or fails to correctly filter out...
Injection Vulnerability in Multiple NETGEAR Products (CNVD-2020-25882)
The NETGEAR R6700, among others, is a wireless router from NETGEAR. An injection vulnerability exists in multiple NETGEAR products that can be exploited by an attacker to cause the system or product to be parsed or interpreted in an incorrect manner...
USN-4298-1 sqlite3 vulnerabilities
It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2019-13734, CVE-2019-13750, CVE-2019-13753 It was discovered that SQLite incorrectly handle...
CVE-2020-10101
An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process...
CVE-2020-10101
An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process...
Format string
An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process...
CVE-2020-10101
An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process...
CVE-2020-10101
CVE-2020-10101 affects Zammad 3.0–3.2 where the WebSocket server crashes when non‑JSON messages are sent. The root cause is inadequate validation of message format and unhandled parsing errors, causing a service process crash. Public details in the connected sources reiterate the same description...
sqlite: error mishandling because of incomplete fix of CVE-2019-19880
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880...
CVE-2019-19926
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880...