Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple macOS is a specialized operating system developed for Mac computers. Several Apple products have security...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple VisionOS is an operating system designed for AR glasses. Several Apple products have security...

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-16 and 6.9.13-41 contained security vulnerabilities. These vulnerabilities were due to out-of-bound...

Canon’s various products have security vulnerabilities

Canon ImageRunner is a product of the Japanese company Canon. Canon ImageRunner is a series of all-in-one black-and-white printers. Canon imagePROGRAF is a large-format printer. Canon imageCLASS MF644Cdw is a smart and efficient 3-in-1 color multifunctional printer. Several Canon products have...

Important: unbound

Issue Overview: Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of service CPU consumption via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification...

The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center’s date processing system, related to errors in handling input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center are related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma, related to deficiencies in HTTP request processing, allows attackers to induce service failures.

The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to induce service failures through specially crafted HTTP requests HTTP Request Smuggling attacks...

Vulnerability of the Server component: The Replication function of the MySQL database management system, which allows a hacker to cause a service failure.

The vulnerability of the Server: Replication component of the MySQL database management system is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

USN-5167-1: FFmpeg vulnerabilities

It was discovered that FFmpeg did not properly verify certain input when processing video and audio files. An attacker could possibly use this to send specially crafted input to the application, force a division by zero, and cause a denial of service application crash. CVE-2020-20445,...

The vulnerability of the PARSEC security library function, related to insufficient data processing within the security mechanisms, allows a attacker to trigger a service failure.

The vulnerability of the PARSEC security library function is related to a failure in disabling file system protection. Exploiting this vulnerability allows an attacker to cause a service failure...

The vulnerability of Squid’s request headers, related to HTTP request processing flaws, allows attackers to compromise data integrity.

The vulnerability of Squid proxy server requests is related to a lack of proper interpretation of HTTP requests. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...

The vulnerability of the Microsoft.NET Framework software platform and the Visual Studio development environment, related to data processing flaws, allows attackers to execute arbitrary code.

The vulnerability of the Microsoft.NET Framework software platform and the Visual Studio development environment is related to data processing flaws. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created file...

Use-After-Free

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

Arbitrary Code Execution

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

Use-After-Free (UAF)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

Foxit PhantomPDF < 8.3.9 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.9. It is, therefore, affected by following vulnerabilities: - An out-of-bounds read/write vulnerability exists when handling certain XFA element attributes. Th...

The vulnerability of the IBM WebSphere Commerce, Commerce on Cloud, and WebSphere Commerce Developer software lies in data processing errors. This allows attackers to disclose sensitive information, perform actions on behalf of administrators, or cause service interruptions.

The vulnerability of the IBM WebSphere Commerce, Commerce on Cloud, and WebSphere Commerce Developer software platforms lies in the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information, perform actions on behalf of...

squid: multiple issues in ESI processing

Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack...