Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a...
GHSA-9VJF-JJCQ-3GH7 Mercurial arbitrary code execution vulnerability
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records...
GHSA-WXQG-FG7V-MMC6 Moodle Authenticated Spelling Binary Remote Code Execution
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor...
Moodle Authenticated Spelling Binary Remote Code Execution
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor...
Adobe InCopy Installed (Windows)
Binary data adobeincopywininstalled.nbin...
Adobe InCopy Installed (macOS)
Binary data adobeincopymacinstalled.nbin...
Sophos XG Firewall User Portal and Webadmin Authentication Bypass (CVE-2022-1040)
Binary data sophosxgfirewallcve-2022-1040.nbin...
ManageEngine Password Manager Pro REST API Restriction Bypass (CVE-2022-29081)
Binary data manageenginepmpcve-2022-29081.nbin...
CVE-2022-26042
An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
RUSTSEC-2022-0042 malicious crate `rustdecimal`
The Rust Security Response WG and the crates.io team were notified on 2022-05-02 of the existence of the malicious crate rustdecimal, which contained malware. The crate name was intentionally similar to the name of the popular rust_decimal crate, hoping that potential victims would misspell its...
malicious crate `rustdecimal`
The Rust Security Response WG and the crates.io team were notified on 2022-05-02 of the existence of the malicious crate rustdecimal, which contained malware. The crate name was intentionally similar to the name of the popular rust_decimal crate, hoping that potential victims would misspell its...
radare2 Code Issue Vulnerability
Radare2 is a set of libraries and tools for working with binary files. A denial of service vulnerability exists in Radare2 versions prior to 5.7.0, which stems from a null pointer dereference in libr/bin/format/mach0/mach0.c. The vulnerability can be exploited to cause a denial of service. An...
Google Chrome < 101.0.4951.64 Multiple Vulnerabilities
Binary data 701406.pasl...
Apache Tomcat < 8.5.79 Vulnerability
Binary data 701404.pasl...
Apache Tomcat < 10.0.21 Vulnerability
Binary data 701402.pasl...
Apache Tomcat < 9.0.63 Vulnerability
Binary data 701405.pasl...
Apache Tomcat < 10.1.0-M15 Vulnerability
Binary data 701403.pasl...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.307.3.1 - Revert 'rds/ib: recover rds connection from stuck tx path' Nagappan Ramasamy Palaniappan Orabug: 34124233 5.4.17-2136.307.3 - kvm: debugfs: fix memory leak in kvmcreatevmdebugfs Pavel Skripkin Orabug: 33099019 - KVM: debugfs: Reuse binary stats descriptors Jing Zhang Orabug:...
InHand Networks InRouter302 iburn firmware checks firmware update vulnerability
Summary: A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions: InHand Network...
CVE-2022-23705
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the...