98 matches found
Numeric Truncation Error
Overview Affected versions of this package are vulnerable to Numeric Truncation Error through the handling of specially crafted inputs. An attacker can execute arbitrary code on the target system by sending a malformed data packet. Remediation Upgrade Microsoft.Azure.Kinect.Sensor to version or...
CVE-2023-32143
D-Link DAP-1360 webupg UPGCGICheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-32143
D-Link DAP-1360 webupg UPGCGICheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-32143 D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability
D-Link DAP-1360 webupg UPGCGICheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...
Fortinet FortiOS and FortiProxy Denial of Service Vulnerabilities
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. FortiProxy is a web proxy soluti...
CVE-2023-36641
A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5,...
CVE-2023-36641
A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5,...
Code injection
A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5,...
CVE-2023-36641
CVE-2023-36641 is a DoS vulnerability caused by a numeric truncation error in Fortinet FortiProxy/FortiOS. Affected products include FortiProxy 1.0–2.0 and FortiOS 6.x–7.x, with exploits triggered by specially crafted HTTP requests. Red Hat, CNVD, and other sources corroborate the DoS impact and ...
Fortinet FortiProxy 安全漏洞
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. FortiProxy is a web proxy soluti...
Fortinet Fortigate DOS in headers management (FG-IR-23-151)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-151 advisory. - A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10,...
X.Org Server ProcXIChangeProperty Numeric Truncation Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling...
Oracle VirtualBox NAT Numeric Truncation Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
CentOS 8 : edk2 (CESA-2020:1712)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1712 advisory. - edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib CVE-2019-14563 Note that Nessus has not tested for this issue but has instead relied only on the...
Medium: edk2
Issue Overview: Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation IntelR CoreTM, IntelR CeleronR Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access. CVE-2019-14558 Memory leak in...
edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access...
Oracle VirtualBox Virtual USB Numeric Truncation Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtual...
Arbitrary Code Execution
openoffice.org is vulnerable to arbitrary code execution. The vulnerability exists as a numeric truncation error was found in the OpenOffice.org memory allocator. If a carefully crafted file was opened by a victim, an attacker could use this flaw to crash OpenOffice.org or, possibly, execute...
Microsoft HID Driver Numeric Truncation Information Disclosure Vulnerability
This vulnerability allows attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists in the hidparse.sy...
Oracle Linux 5 : php (ELSA-2010-0919)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0919 advisory. - add security fix for CVE-2010-3870 626735 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...