419 matches found
fokus.foto.no Cross Site Scripting vulnerability OBB-2378858
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 78 new security patches for Oracle MySQL. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilitie...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 DFIR-Notes Driving home I got my first message...
CVE-2021-38575
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows...
Buffer overflow
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows...
CVE-2021-38575
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows...
CVE-2021-38575
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows...
CVE-2021-2416
Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications component: Routing. Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 66 new security patches for Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilitie...
Mitsubishi Electric MELSEC iQ-R Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Corporation Equipment : MELSEC iQ-R Series CPU Module Vulnerability : Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 41 new security patches for Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabiliti...
CVE-2021-34824
Istio 1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1 contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces...
CVE-2021-34824
Istio 1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1 contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces...
isc-dhcp -- remotely exploitable vulnerability
Michael McNally reports: Program code used by the ISC DHCP package to read and parse stored leases has a defect that can be exploited by an attacker to cause one of several undesirable outcomes...
CVE-2021-29258
An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion...
CVE-2021-29258
An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion...
CVE-2021-28683
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received...
Authentication flaw
An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion...
CVE-2021-29258
An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion...
CVE-2021-28682
CVE-2021-28682 affects Envoy (through 1.71.1) with a remotely exploitable integer overflow triggered by an extremely large grpc-timeout value that leads to incorrect timeout calculations. The vulnerability details are corroborated across connected sources (BIT-ENVOY-2021-28682, OSV entries) and s...