344 matches found
radare2 Buffer Error Vulnerability
radare2 is a set of libraries and tools for working with binary files. radare2 suffers from a buffer overflow vulnerability that originates when a networked system or product performs an operation in memory without properly validating the data boundaries, resulting in incorrect read and write...
CVE-2021-22804
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphica...
CVE-2021-41040
In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data...
Eclipse Wakaama Buffer Error Vulnerability
Eclipse Wakaama is a C-based, open source implementation of the OMA LWM2M protocol from the Eclipse Foundation. A buffer error vulnerability exists in Eclipse Wakaama versions 2021-01-14 and earlier, which stems from the CoAP parsing code failing to properly sanitize data received over the networ...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.11 and fixes at least the following security issues: netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (CVE-2021-4135). Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the guests,...
Guest can force Linux netback driver to hog large amounts of kernel memory
ISSUE DESCRIPTION Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side ...
CVE-2021-31352
An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit thi...
Information disclosure
An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit thi...
CVE-2021-31352 SRC Series: NETCONF over SSH allows negotiation of weak ciphers
An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit thi...
CVE-2021-22946
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd on the command line or CURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl). This requirement could be bypassed if the server would return a...
U.S. Dept Of Defense: Expired SSL Certificate allows credentials steal
Hi security Team! I've found this website with no valid SSL Certificate. https://██████████ Certificate has expired 314 days ago. Impact Error message can appear on page and user can have his credentials stolen by an attacker capturing the network data. System Hosts ███████ Affected Products and...
CVE-2021-38175
SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. The attack would not lead to an impact on the availability of the system, but there...
BlackBerry QNX Software Development Platform Input Validation Error Vulnerability
Blackberry QNX Software Development Platform is a QNX software development platform from Blackberry Canada. The platform is primarily used to develop software based on the QNX platform. An input validation error vulnerability exists in the BlackBerry QNX Software Development Platform. The...
Secomea SiteManager Security Vulnerability
Secomea SiteManager is a software application from the Danish company Secomea. It provides a remote maintenance function for industrial equipment. A security vulnerability exists in Secomea SiteManager versions prior to 9.5, which stems from an incorrect access control vulnerability in Secomea...
Oracle Primavera Unifier (Jul 2021 CPU)
The 17.12, 18.8, 19.12, and 20.12 versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory. - Security-in-Depth issue in the Oracle Spatial and Graph Network Data Model jackson-databind component of Oracle...
PostgreSQL Input Validation Error Vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. An input validation error vulnerability exists in PostgreSQL. The...
Nagios Network Analyzer Self-XSS Vulnerability
Nagios Network Analyzer is a network data flow analyzer that provides a view of all network traffic and bandwidth utilization. A Self-XSS vulnerability exists in Nagios Network Analyzer versions prior to 2.4.2. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via...
EFM ipTIME C200 IP Camera Command Injection Vulnerability
EFM ipTIME C200 IP Camera is a hardware device from EFM Korea. It provides a camera device for surveillance. A command injection vulnerability exists in the EFM ipTIME C200 IP Camera that originates from a network system or product that does not properly validate incoming data...
Google Android Input Validation Error Vulnerability
Google Android is a Linux-based open source operating system from Google (US) and the Open Handheld Alliance. An input validation error vulnerability exists in Google Android OS, which arises from a network system or product that does not properly validate input data...
CVE-2020-29491
Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leading to the potential compromise of impacted thin...