Apple macOS VideoToolbox Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...

CVE-2023-41230

D-Link DIR-3040 HTTP Request Processing Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this...

CVE-2024-3385

A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the...

Apple iOS and iPadOS Security Vulnerabilities

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 16.7.2 and iPadOS version 16.7.2, which stems from processing a...

Hyperledger Fabric Security Vulnerabilities

Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. Hyperledger Fabri has a security vulnerability that stems from a flaw in the way hash processing is performed, which allows an attacker to craft a cross-linking block that...

Cisco Firepower Threat Defense Security Vulnerability

Cisco Firepower Threat Defense FTD is a suite of unified software from Cisco that provides next-generation firewall services. A security vulnerability in Cisco Firepower Threat Defense for Cisco Firepower 2100 Series Firewalls arises from a flaw in internal packet processing that could allow an...

USN-6438-2 .Net regressions

USN-6438-1 fixed vulnerabilities in .Net. It was discovered that the fix for CVE-2023-36799 was incomplete. This update fixes the problem. Original advisory details: Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to...

USN-6433-1 ghostscript vulnerability

It was discovered that Ghostscript incorrectly handled certain PDF documents. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to execute arbitrary code...

libwebp: Heap buffer overflow in WebP Codec

A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this...

PT-2023-5874 · Microsoft · Message Queuing +1

Name of the Vulnerable Software and Affected Versions: Microsoft Message Queuing MSMQ affected versions not specified Description: The issue is related to errors in processing input data in the Windows operating system's message queuing component. This can allow a remote attacker to execute...

haproxy: request smuggling attack in HTTP/1 header parsing

A flaw was found in HAProxy's headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypa...

The vulnerability of the mod_proxy_uwsgi component in the Apache HTTP Server is related to deficiencies in HTTP request processing, allowing attackers to carry out a “HTTP request hijacking” attack.

The vulnerability of the modproxyuwsgi component in the Apache HTTP Server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack...

SUSE CVE-2017-2640

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...

SUSE CVE-2021-25219

In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response...

The vulnerability in the implementation of the `rejectIllegalHeader` attribute in the Apache Tomcat application server allows a attacker to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the Apache Tomcat application server’s implementation of the rejectIllegalHeader attribute is related to deficiencies in the processing of HTTP requests containing the Content-Length header. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests...

CVE-2022-41783

tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service DoS condition of the product's OneMesh function...

USN-5736-2 imagemagick vulnerabilities

USN-5736-1 fixed vulnerabilities in ImageMagick. This update provides the corresponding updates for Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. One of the issues, CVE-2021-20224, only affected Ubuntu 20.04 ESM, while CVE-2021-20245, CVE-2021-3574, CVE-2021-4219 and CVE-2022-1114 only affected Ubuntu...

USN-5674-1 xmlsec1 vulnerability

It was discovered that XML Security Library incorrectly handled certain input documents. An attacker could possibly use this issue to obtain sensitive information or cause a denial of service...

CVE-2022-20870

A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS...

The vulnerability of the Java-to-XML Apache XMLBeans tool, related to errors in processing XML entities, allows attackers to trigger a service failure or disclose protected information.

The vulnerability of the Java-to-XML Apache XMLBeans tool is related to errors in processing XML entities. Exploiting this vulnerability can allow an attacker to cause service failures or expose sensitive information...