OpenBSD OpenSSH <= 9.6 Authentication Bypass Vulnerability

OpenBSD OpenSSH is prone to an authentication bypass vulnerability. Note: This VT has been deprecated and is therefore no longer functional. Please see the solution tag for more information. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced...

CVE-2024-1633 FIP Header Integer Overflow

During the secure boot, bl2 the second stage of the bootloader loops over images defined in the table “bl2memparamsdescs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from the image, which base on 32-bit unsigned integ...

CVE-2023-51767

OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks for authentication bypass because the integer value of authenticated in mmanswerauthpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...

Swift-corelibs-foundation denial of service in JSON decoding with JSONDecoder

Impact A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused by the interaction between a deserialization mechanism offered by the Swift...

Sielco Radio Link 2.06 Remote Privilege Escalation

inpu...

openssl: integer overflow in CipherUpdate

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

CVE-2021-36770

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...

CVE-2021-36770

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...

CVE-2021-36770

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...

Ruby: 'net/ftp': Uncontrolled Resource Consumption (Memory/CPU)

Current TIMEPARSER implementation allows attackers to cause a denial of service memory consumption via a large integer value for the fractions property. The problem code: ruby TIMEPARSER = -value, local = false unless /\A?\d4?\d2?\d2 ?\d2?\d2?\d2 ?:.?\d+?/x = value raise FTPProtoError, "invalid...

CVE-2019-12940

LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service memory consumption in knowledgebase.php via a large integer value of the depth parameter...

QEMU 'qemu_deliver_packet_iov' function denial of service vulnerability

QEMU aka Quick Emulator is a suite of simulation processor software. The software is fast and cross-platform. A security vulnerability exists in the 'qemudeliverpacketiov' function in the net/net.c file in QEMU, which originates from the function accepting packets larger than the size of INTMAX. ...

DEBIAN-CVE-2018-10087

The kernelwait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INTMIN value...

UBUNTU-CVE-2018-10087

The kernelwait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INTMIN value...

SonicDICOM PACS 2.3.2 Remote Vertical Privilege Escalation Exploit

Summary SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description The application suffers from a privilege escalation vulnerability. Normal user can elevate his/her privileges by sending a HTTP PATCH request seting the parameter...

libebml2 'EBML_IntegerValue' Function Denial of Service Vulnerability

libebml2 is an open source EBML parser written in C . A security vulnerability exists in the 'EBMLIntegerValue' function in the ebmlnumber.c file in libebml2 2012-08-26 and earlier versions. A remote attacker can exploit this vulnerability to cause a denial of service with the help of a specially...

SonicDICOM PACS 2.3.2 - Privilege Escalation

SonicDICOM PACS 2.3.2 Remote Vertical Privilege Escalation Exploit Vendor: JIUN Corporation Product web page: https://www.sonicdicom.com Affected version: 2.3.2 and 2.3.1 Summary: SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Desc:...

CVE-2015-8561

The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted integer value to the 1 AttachToSS, 2 CopyAll, 3 CopyRange, 4 CopyRangeEx, or 5 SwapTable method, a...

Schneider Electric ProClima F1BookView ActiveX Control CopyRangeEx Method Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Schneider Electric ProClima F1BookView ActiveX Control CopyAll Method Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...