CVE-2023-30280

Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page...

Buffer overflow in sponge queue functions

Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. Patches Yes, see commit fdc6fef0...

NETGEAR R6900和NETGEAR R6700v3 安全漏洞

NETGEAR R6900 and NETGEAR R6700v3 are both products of NETGEAR, Inc.NETGEAR R6900 is a wireless router.NETGEAR R6700v3 is a router. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in the NETGEAR R6900 and NETGEAR R6700v3...

The vulnerability of the Secure Channel component in Windows operating systems, which allows a hacker to cause a service failure

The vulnerability of the Secure Channel component in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...

The vulnerability in the implementation of the Secure Socket Tunneling Protocol (SSTP) on Windows operating systems allows a hacker to induce a service failure.

The vulnerability of the Secure Socket Tunneling Protocol SSTP implementation in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...

The vulnerability of the Microsoft Visual Studio software allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft Visual Studio software development tool is related to insufficient testing of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

The vulnerability of the Network Address Translation (NAT) technology implementation in Windows operating systems allows a perpetrator to cause a service failure.

The vulnerability of the Network Address Translation NAT technology implementation in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions using specially created data...

The vulnerability of the Linux kernel’s Bluetooth permission checking subsystem allows a perpetrator to execute arbitrary commands.

The vulnerability of the Linux operating system’s Bluetooth permission checking subsystem is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted requests remotely...

The vulnerability of the Microsoft Office software package, related to insufficient validation of input data, allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft Office package is related to insufficient testing of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

The vulnerability of the Microsoft Visual Studio software allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft Visual Studio software development tool is related to insufficient testing of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

The vulnerability of the HTTP-based client profiling function in Cisco IOS XE allows a hacker to trigger a service failure.

The vulnerability of the HTTP-based client profiling function in Cisco IOS XE exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in errors during the processing of input data when performing syntactic analysis of code. This allows an attacker to execute arbitrary code.

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in errors in the processing of input data during syntax analysis of code. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in errors during the processing of input data when performing syntactic analysis of code. This allows an attacker to execute arbitrary code.

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in errors in the processing of input data during syntax analysis of code. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

The vulnerability of the Redis database management system, related to the lack of measures for cleaning incoming data, allows a attacker to send a specially crafted MSETNX command, causing a service failure and terminating the Redis server process.

The vulnerability of the Redis database management system is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows an attacker to send a specially crafted MSETNX command, causing a service failure and terminating the Redis server process...

The vulnerability of the IBM DB2 database management system, related to insufficient validation of input data, allows a hacker to trigger a service failure.

The vulnerability of the IBM DB2 database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure by executing the Load command...

The vulnerability of Nomad application orchestrators, which allows a hacker to trigger a service failure.

The vulnerability of Nomad application orchestrators is related to the improper processing of highly compressed input data. Exploiting this vulnerability can allow a remote attacker to cause service failures...

The software for 3D design in Adobe Dimension is vulnerable due to insufficient testing of input data, allowing attackers to execute arbitrary code.

The software for 3D design by Adobe Dimension is vulnerable due to insufficient testing of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...

CVE-2023-25350

Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login box, he has no judgment on the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection...

The vulnerability of the formWriteFacMac function in the Tenda AC1206 router software allows a hacker to execute arbitrary commands.

The vulnerability of the formWriteFacMac function in the Tenda AC1206 router microprogramming system is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability can allow an attacker operating remotely to execute arbitrary commands...

ROS-20230322-03

A vulnerability in the Git program is related to the input of processed input data - a path outside the working tree can be overwritten by a user running "git apply". Exploiting the vulnerability could allow an attacker acting remotely to run the affected command against a malicious or compromise...