Lucene search
2213 matches found

CVE
added 2022/01/19 12:21 a.m. | 71 views

CVE-2022-22161

CVE-2022-22161 describes an Uncontrolled Resource Consumption vulnerability in the Juniper Networks Junos OS kernel. An unauthenticated network-based attacker can flood the out-of-band management port, causing 100% CPU usage and making the device unresponsive; continued floods yield a sustained D...

7.5 CVSS | 7.4 AI score | 0.0098 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/01/19 12:20 a.m. | 64 views

CVE-2022-22153

CVE-2022-22153 affects Junos OS flowd on SRX Series and MX Series with SPC3. A high-rate fragmented-traffic condition (fragmented packets > ~5%) can cause latency or packet loss due to insufficient algorithmic complexity and unthrottled resource allocation. Affected versions are prior to 18.2R...

7.5 CVSS | 7.5 AI score | 0.0039 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

GithubExploit
added 2022/01/13 6:29 a.m. | 608 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

This is a PoC exploit for CVE-2021-26084, a pre-auth RCE injecti...

9.8 CVSS | 8.8 AI score | 0.9444 EPSS
Exploits: 45

CNNVD
added 2021/12/29 12:0 a.m. | 1 views

DELL Dell EMC Unity Operating System OS Command Injection Vulnerability

Dell EMC Unity is a unified storage array product from Dell (USA). Dell EMC Unity suffers from a command injection vulnerability that originates from a network system or product that does not properly validate incoming data. An attacker could exploit the vulnerability to run crafted commands a...

7.2 CVSS | 5.8 AI score | 0.0006 EPSS
Exploits: 0 | References: 3

Prion
added 2021/12/08 10:15 p.m. | 24 views

Design/Logic Flaw

The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

4.3 CVSS | 6.6 AI score | 0.00526 EPSS
Exploits: 0 | References: 10 | Affected Software: 4

Debian CVE
added 2021/12/08 9:21 p.m. | 42 views

CVE-2021-38507

The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

6.5 CVSS | 8.1 AI score | 0.00526 EPSS
Exploits: 0

AlpineLinux
added 2021/12/08 9:21 p.m. | 52 views

CVE-2021-38507

The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

6.5 CVSS | 7.4 AI score | 0.00526 EPSS
Exploits: 0

Cvelist
added 2021/12/08 9:21 p.m. | 19 views

CVE-2021-38507

The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

7.3 AI score | 0.00526 EPSS
Exploits: 0 | References: 10

OSV
added 2021/12/02 4:49 p.m. | 7 views

MGASA-2021-0530 Updated gfbgraph packages fix security vulnerability

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

5.9 CVSS | 6.5 AI score | 0.00219 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2021/11/11 6:30 p.m. | 2 views

OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3 CVSS | 7.4 AI score | 0.00176 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2021/11/11 6:30 p.m. | 2 views

OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3 CVSS | 6.9 AI score | 0.00117 EPSS
Exploits: 0 | References: 4

Prion
added 2021/11/03 12:15 a.m. | 19 views

Input validation

Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file...

5 CVSS | 7.9 AI score | 0.00202 EPSS
Exploits: 0 | References: 1 | Affected Software: 4

Vaadin
added 2021/10/27 12:0 a.m. | 39 views

Denial of service in third-party component in Vaadin 7 and 8

Improper check for exceptional condition in a third party HTML handling library used in com.vaadin:vaadin-server versions 7.0.0 through 7.7.27 (Vaadin 7.0.0 through 7.7.27) and 8.0.0 through 8.13.3 (Vaadin 8.0.0 through Vaadin 8.13.3) allows network attackers to cause denial of service via unspecifie...

7.5 CVSS | 1.1 AI score | 0.03905 EPSS
Exploits: 0 | References: 4 | Affected Software: 2

Microsoft CVE
added 2021/10/26 7:0 a.m. | 1 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

...

6.8 CVSS | 7 AI score | 0.00153 EPSS
Exploits: 0

RedHat Linux
added 2021/10/25 12:24 p.m. | 4 views

OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3 CVSS | 6.9 AI score | 0.00106 EPSS
Exploits: 0 | References: 4

OSV
added 2021/10/20 11:17 a.m. | 0 views

CVE-2021-35657

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

7.5 CVSS | 7.1 AI score
Exploits: 0 | References: 1

OSV
added 2021/10/20 11:17 a.m. | 0 views

UBUNTU-CVE-2021-35607

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

6.5 CVSS | 6.7 AI score | 0.00209 EPSS
Exploits: 0 | References: 4

Prion
added 2021/10/19 7:15 p.m. | 16 views

Race condition

An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon flowd of Juniper Networks Junos OS on SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2 allows an unauthenticated network based attacker sending specific traff...

4.3 CVSS | 5.8 AI score | 0.00328 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/10/19 6:17 p.m. | 71 views

CVE-2021-31369

CVE-2021-31369 affects Juniper Networks Junos OS on MX Series with MS-MPC/MS-MIC. The issue is an Allocation of Resources Without Limits or Throttling vulnerability that allows an unauthenticated network attacker to cause a partial Denial of Service by generating high-rate traffic. If a Class of ...

5.3 CVSS | 5.1 AI score | 0.00268 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/10/19 6:16 p.m. | 70 views

CVE-2021-31361

CVE-2021-31361 affects Juniper Networks Junos OS on QFX Series and PTX Series. The issue stems from an improper check and handling of exceptional conditions, allowing an unauthenticated network attacker to increase FPC CPU utilization by sending certain IP packets encapsulated in VXLAN, causing a...

5.3 CVSS | 5.2 AI score | 0.00458 EPSS
Exploits: 0 | References: 1 | Affected Software: 1