172 matches found
CVE-2022-39052
An external attacker is able to send a specially crafted email with many recipients and trigger a potential DoS of the system...
Design/Logic Flaw
An external attacker is able to send a specially crafted email with many recipients and trigger a potential DoS of the system...
UBUNTU-CVE-2022-39052
An external attacker is able to send a specially crafted email with many recipients and trigger a potential DoS of the system...
CVE-2022-39052 DoS attack using email
An external attacker is able to send a specially crafted email with many recipients and trigger a potential DoS of the system...
CVE-2022-39052
Removed by vendor...
CVE-2022-40277
Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before...
PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering
A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service RDoS attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series hardware, VM-Series virtual and CN-Series container firewall...
ansible-tower: Privilege escalation via job isolation escape
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment...
PT-2022-24697 · Alt Linux · Alt Linux
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An external attacker can send a specially crafted email with many recipients to potentially trigger a Denial of Service DoS of the system. There is no...
CVE-2021-37166
A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and...
Buffer overflow
A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and...
CVE-2021-35525
PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...
NETGEAR JGS516PE/GS116Ev2 Password Hash Mechanism Insecurity Vulnerability
The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A security vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. It allows an external attacker to gain administrative access to the switch...
Netgear NETGEAR JGS516PE 加密问题漏洞
The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A security vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. It allows an external attacker to gain administrative access to the switch...
U.S. Dept Of Defense: IDOR on https://██████ via POST UID enables database scraping
Summary: The UID parameter on █████████ in the ██████ ███████ system, with ███████, does not validate that the caller has permission to view information on the UID entered, thereby enabling personnel and student data extraction. Description: The user operations API endpoint for the ███ ██████████...
Open-Xchange: SSRF - Guard - Unchecked HKP servers
Description When encrypting an email, one of strategies to lookup recipient's encryption key is to contact a HKP keyserver specified in DNS records of recipient's domain. Specifically it is DNS SRV records for hkps.tcp. and hkp.tcp., which specify hostname and port of the keyserver. In source cod...
Inim Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF
Summary SmartLiving anti-intrusion control panel and security system provides important features rarely found in residential, commercial or industrial application systems of its kind. This optimized-performance control panel provides first-rate features such as: graphic display, text-to-speech,...
Teradek VidiU Pro 3.0.3 SSRF Vulnerability
Summary The Teradek VidiU gives you the freedom to broadcast live high definition video directly to the Web without a PC. Whether you're streaming out of a video switcher or wirelessly from your camera, VidiU allows you to go live when you want, where you want. VidiU offers API level integration...
[SECURITY] [DLA 1375-1] wget security update
Package : wget Version : 1.13.4-3+deb7u6 CVE ID : CVE-2018-0494 Debian Bug : 898076 Harry Sintonen have discovered a cookie injection vulnerability in wget caused by insufficient input validation, enabling an external attacker to inject arbitrary cookie values cookie jar file, adding new or...
Circle with Disney WiFi Insecure Access Point Vulnerability
Summary An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed “de-auth” packets to trigger this...