238 matches found
Cisco Small Business Buffer Error Vulnerability
Cisco Small Business is a switch from Cisco. A security vulnerability exists in the Cisco Small Business RV Series routers, which is caused by an exception in error handling during a failed login attempt. An attacker can exploit this vulnerability by submitting specially crafted HTTP packets to t...
CVE-2021-41014
An uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets...
Code injection
An uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets...
CVE-2021-41014
An uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets...
CVE-2021-41014
Fortinet FortiWeb is affected by CVE-2021-41014. FortiWeb versions 6.4.1 and earlier and 6.3.15 and earlier allow an unauthenticated attacker to cause a Denial of Service by sending huge HTTP packets that make the httpsd daemon unresponsive. The vulnerability is documented in Fortinet’s FG-IR-21-...
ASUS routers environmental issues vulnerability
ASUS routers are routers from ASUS, Taiwan, China. ASUS routers have a security vulnerability that stems from a problem with the router firmware's validation of HTTP packets, which could be exploited by an unauthenticated remote attacker to conduct a denial-of-service attack by sending specially...
Schneider Electric PowerLogic Input Validation Error Vulnerability (CNVD-2021-46280)
Schneider Electric PowerLogic is an industrial control device from Schneider Electric, France. It provides increased power factor to improve power quality and troubleshoot power failures to protect networks, devices, and operators. An input validation error vulnerability exists in the Schneider...
CVE-2021-22767
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 Versions 3.0.0 and newer and PowerLogic EGX300 All Versions that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-2276...
Schneider Electric PowerLogic Multiple Products Input Validation Error Vulnerability
Schneider Electric PowerLogic is an industrial control device from Schneider Electric, France. It provides increased power factor to improve power quality and troubleshoot power failures to protect networks, devices, and operators. An input validation error vulnerability exists in the Schneider...
Cisco Firepower Threat Defense Snort HTTP Detection Engine File Policy Bypass (cisco-sa-http-fp-bp-KfDdcQhc)
According to its self-reported version, Cisco IOS XE is affected by a vulnerability in the Snort detection engine due to a flaw in the handling of HTTP header parameters. An unauthenticated, remote attacker can exploit this by sending crafted HTTP packets through an affected device. A successful...
Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass (cisco-sa-http-fp-bp-KfDdcQhc)
According to its self-reported version, Cisco IOS XE is affected by a vulnerability in the Snort detection engine due to a flaw in the handling of HTTP header parameters. An unauthenticated, remote attacker can exploit this by sending crafted HTTP packets through an affected device. A successful...
CVE-2021-1495
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this...
CVE-2021-1495
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this...
CVE-2021-0251
A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC allows an attacker to send malformed HTTP packets to the device thereby causing a Denial of Service (DoS),...
CVE-2021-0227
An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of these packets will creat...
Null pointer dereference
A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC allows an attacker to send malformed HTTP packets to the device thereby causing a Denial of Service (DoS),...
Design/Logic Flaw
An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of these packets will creat...
CVE-2021-0251 Junos OS: MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC: The BRAS Subscriber Services service activation portal is vulnerable to a Denial of Service (DoS) via malformed HTTP packets
A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC allows an attacker to send malformed HTTP packets to the device thereby causing a Denial of Service (DoS),...
CVE-2021-0227 Junos OS: SRX Series: Denial of Service in J-Web upon receipt of crafted HTTP packets
An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of these packets will creat...
CVE-2021-0227
CVE-2021-0227 concerns a memory buffer bound-checking issue in Juniper Networks Junos OS J-Web on SRX Series devices that can enable a Denial of Service via crafted HTTP packets. Affected products include Junos OS on SRX Series with the listed version ranges (e.g., 17.3 before 17.3R3-S9; 17.4 bef...