10043 matches found
envoyproxy/envoy: NULL pointer dereference in TLS alert code handling
A NULL pointer dereference vulnerability was found in envoyproxy/envoy. This flaw allows an attacker to establish a TLS session that sends an invalid TLS alert code, causing a NULL pointer exception to occur that crashes the application, resulting in a denial of service. The highest threat from this...
HashiCorp Vault Trust Management Issue Vulnerability
HashiCorp Vault is a private key access management tool from HashiCorp (USA). A security vulnerability exists in HashiCorp Vault versions 1.5.1 and later that stems from an inability to validate TLS certificates...
CVE-2021-1076
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer nvlddmkm.sys or nvidia.ko where improper access control may lead to denial of service, information disclosure, or data corruption...
containers/storage: DoS via malicious image
A deadlock vulnerability was found in github.com/containers/storage. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar...
OESA-2021-1147 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation...
PT-2021-11225 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.1.0 through 9.1.0. Description: The issue is related to the LDAP Provider's inability to connect over TLSv1.2, which may make it easier for a malicious actor to eavesdrop and decrypt traffic. This issue does no...
openSUSE: Security Advisory for umoci (openSUSE-SU-2021:0548-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
openssl: NULL pointer dereference in signature_algorithms processing
A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system...
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation. TLS hostname is not validated sufficiently. Remediation: There is no fixed version for tweetstream...
Sina Extension for Elementor < 3.3.12 - Contributor+ Stored XSS
The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. The “Banner Slider” widget accepts a “titletag” and a “subtitletag” parameter...
Pillow Resource Management Error Vulnerability
Pillow is a Python-based image processing library. A denial of service vulnerability exists in versions of Pillow prior to 8.2.0, which stems from the fact that PSDImagePlugin.PsdImageFile does not properly check the number of input layers based on data block size, and can be exploited by attacke...
Cisco Link Layer Discovery Protocol Denial of Service Vulnerability
Cisco Link Layer Discovery Protocol is a router from Cisco USA. A security vulnerability exists in Cisco Link Layer Discovery Protocol, which can be exploited by an attacker to execute arbitrary code or cause the affected router to leak or reload system memory...
CVE-2021-1309
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would...
CVE-2021-1251
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would...
CVE-2021-1308
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would...
Memory corruption
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would...