CVE-2022-20870

A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS...

The vulnerability of the Java-to-XML Apache XMLBeans tool, related to errors in processing XML entities, allows attackers to trigger a service failure or disclose protected information.

The vulnerability of the Java-to-XML Apache XMLBeans tool is related to errors in processing XML entities. Exploiting this vulnerability can allow an attacker to cause service failures or expose sensitive information...

The vulnerability of the HTTP/2 protocol implementation in the Apache Traffic Server allows a attacker to execute arbitrary code.

The vulnerability of the HTTP/2 protocol implementation in the Apache Traffic Server web server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVE-2022-35873

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

The vulnerability of the command-line interface of Cisco Firepower Threat Defense (FTD) software allows a hacker to execute arbitrary code.

The vulnerability of the command-line interface of Cisco Firepower Threat Defense FTD software relates to errors in processing XML requests. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially created XML data...

The software’s vulnerability regarding increasing the effective working time of components and equipment, as well as optimizing resource utilization in the SAP 3D Visual Enterprise Viewer, is related to insufficient validation of input data. This vulnerability allows a perpetrator to trigger an emergency shutdown of the application.

The vulnerability of the software for increasing the effective working time of components and equipment, as well as optimizing resource utilization in the SAP 3D Visual Enterprise Viewer, is related to insufficient validation of input data during PDF file processing. Exploiting this vulnerability...

PJSIP 安全漏洞

PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. A security vulnerability exists in PJSIP 2.12 and earlier versions, which originates from playing/reading invalid WAV files...

PT-2022-16835 · Unknown +3 · Ckeditor 4 +3

Name of the Vulnerable Software and Affected Versions: CKEditor 4 versions prior to 4.18.0 Description: A vulnerability has been discovered in the core HTML processing module of CKEditor 4, which may affect all plugins used by the editor. This issue allows an attacker to inject malformed HTML,...

expat: Integer overflow in addBinding in xmlparse.c

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality a...

UBUNTU-CVE-2021-25219

In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response...

PT-2021-6075 · Isc +12 · Bind +12

Name of the Vulnerable Software and Affected Versions: BIND versions 9.3.0 through 9.11.35 BIND versions 9.12.0 through 9.16.21 BIND Supported Preview Edition versions 9.9.3-S1 through 9.11.35-S1 BIND Supported Preview Edition versions 9.16.8-S1 through 9.16.21-S1 BIND 9.17 development branch...

CVE-2021-30792

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted image may lead to arbitrary code execution...

The vulnerability of the Apache Tomcat application server, related to deficiencies in HTTP request processing, allows attackers to send hidden HTTP requests.

The vulnerability of the Apache Tomcat application server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests remotely HTTP Request Smuggling attack...

The vulnerability of the fly-fm file manager, related to insufficient data processing within the security mechanisms, allows a perpetrator to trigger a service failure.

The vulnerability of the fly-fm file manager is related to the first connection of a network location via sftp. Exploiting this vulnerability allows an attacker who operates remotely to gain access to confidential data due to a denial-of-service attack...

ISC BIND DNAME Recursion DoS (CVE-2021-25215)

According to its self-reported version, the ISC Bind present on the remote host is affected by a denial of service vulnerability: - DNAME records, described in RFC 6672, provide a way to redirect a subtree of the domain name tree in the DNS. A flaw in the way named processes these records may...

CVE-2021-0263

A Data Processing vulnerability in the Multi-Service process multi-svcs on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service DoS condition . The...

CVE-2021-27248

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the...

CVE-2021-1774

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution...

CVE-2021-1746

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution...

The vulnerability of the Magento Commerce software platform for developing and managing online stores relates to errors in processing XML requests, which allows a hacker to execute arbitrary code.

Vulnerability of the software platform for developing and managing online stores Magento Commerce. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with access rights as an administrator to the console...