Lucene search

195 matches found

NVD
added 2021/04/22 8:15 p.m., 8 views

CVE-2021-0263

A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service (DoS) condition. The...

5.9 CVSS, 0.00312 EPSS
Exploits 0, References 2
Prion
added 2021/04/22 8:15 p.m., 13 views

Command injection

A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service (DoS) condition. The...

4.3 CVSS, 5.8 AI score, 0.00312 EPSS
Exploits 0, References 2, Affected Software 1
OSV
added 2021/04/02 7:15 p.m., 1 view

CVE-2021-1793

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution...

7.8 CVSS, 6 AI score
Exploits 0, References 4
OSV
added 2021/04/02 6:15 p.m., 0 views

CVE-2021-1737

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution...

7.8 CVSS, 7.3 AI score
Exploits 0, References 2
CNNVD
added 2021/03/22 12:0 a.m., 2 views

Foxit PhantomPDF Buffer Error Vulnerability

Foxit PhantomPDF is a PDF document reader from the Chinese company Foxit. Foxit PhantomPDF suffers from an out-of-bounds read vulnerability when processing U3D objects in PDF files. The vulnerability is caused by a lack of proper validation of user-supplied data, which could result in reading...

4.3 CVSS, 5.9 AI score, 0.11393 EPSS
Exploits 0, References 4
CNVD
added 2021/03/02 12:0 a.m., 6 views

ONLYOFFICE Document Server Buffer Overflow Vulnerability

ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. A buffer overflow vulnerability exists in the BMP image processing of the ONLYOFFICE Document Server core module, which can be exploited by an attacke...

9.8 CVSS, 8 AI score, 0.06955 EPSS
Exploits 1, References 1
Positive Technologies
added 2021/01/06 12:0 a.m., 1 view

PT-2021-14348 · Pypi · Cairosvg

Name of the Vulnerable Software and Affected Versions: CairoSVG versions prior to 2.5.1

Description: The issue is related to a regular expression denial of service (REDoS) vulnerability in CairoSVG, a Python package used for converting SVG files. When processing SVG files, CairoSVG uses two regular...

9.9 CVSS, 6.1 AI score, 0.00138 EPSS
Exploits 1, References 28
RedHat Linux
added 2020/12/16 3:21 p.m., 3 views

OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

5.3 CVSS, 7.1 AI score, 0.00474 EPSS
Exploits 0, References 4
NVD
added 2020/12/15 5:15 p.m., 11 views

CVE-2020-29568

An issue was discovered in Xen through 4.14.x. Some OSes such as Linux, FreeBSD, and NetBSD are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OO...

6.5 CVSS, 7.3 AI score, 0.00226 EPSS
Exploits 0, References 5
CNVD
added 2020/12/15 12:0 a.m., 7 views

Imagemagick Studio ImageMagick Input Validation Error Vulnerability (CNVD-2021-23801)

ImageMagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in versions of ImageMagick prior to 7.0.9-0, which...

5.5 CVSS, 6.4 AI score, 0.00158 EPSS
Exploits 1, References 1
RedHat Linux
added 2020/08/10 3:17 p.m., 2 views

OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

5.3 CVSS, 7.1 AI score, 0.00474 EPSS
Exploits 0, References 4
RedHat Linux
added 2020/07/28 3:54 p.m., 1 view

apache-commons-configuration: uncontrolled class instantiation when loading YAML files

A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default...

10 CVSS, 7.5 AI score, 0.02732 EPSS
Exploits 0, References 6
RedHat Linux
added 2020/07/22 12:40 p.m., 4 views

OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

5.3 CVSS, 7.1 AI score, 0.00474 EPSS
Exploits 0, References 4
NVD
added 2020/06/15 8:15 p.m., 12 views

CVE-2020-11999

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 an...

8.1 CVSS, 0.00087 EPSS
Exploits 0, References 1
Cvelist
added 2020/05/13 7:7 p.m., 12 views

CVE-2020-2003 PAN-OS: Authenticated administrator can delete arbitrary system file

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8....

6.5 CVSS, 6.6 AI score, 0.00332 EPSS
Exploits 0, References 1
OSV
added 2020/04/24 4:15 p.m., 4 views

CVE-2020-6822

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...

8.8 CVSS, 9.2 AI score
Exploits 0, References 5
CNVD
added 2019/12/25 12:0 a.m., 2 views

ImageMagick Studio ImageMagick Resource Management Error Vulnerability (CNVD-2020-02272)

ImageMagick Studio ImageMagick is a suite of open-source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. ImageMagick Studio ImageMagick suffers from a resource management error vulnerability. The...

9.8 CVSS, 6.8 AI score, 0.00394 EPSS
Exploits 1
OSV
added 2019/11/29 4:21 p.m., 3 views

SUSE-SU-2019:3126-1 Security update for haproxy

This update for haproxy to version 2.0.10 fixes the following issues:

HAProxy was updated to 2.0.10

Security issues fixed:

- CVE-2019-18277: Fixed a potential HTTP smuggling in messages with transfer-encoding header missing the 'chunked' (bsc1154980).
- Fixed an improper handling of headers which...

7.5 CVSS, 7.9 AI score, 0.02818 EPSS
Exploits 1, References 6
Trend Micro Simply Security
added 2019/11/27 1:30 p.m., 75 views

This Week in Security News: Skimming and Phishing Scams Ahead of Black Friday and Polish Hacking Team Wins Capture the Flag Competition

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about recent skimming and phishing scams as we head into the holidays and how you can protect yourself and your organization. Also, re...

6.8 CVSS, 8.8 AI score, 0.70962 EPSS
Exploits 16
OSV
added 2018/12/20 3:29 p.m., 0 views

UBUNTU-CVE-2018-1000840

Processing Foundation Processing version 3.4 and earlier contains an XML External Entity (XXE) vulnerability in the loadXML function that can result in an attacker reading arbitrary files and exfiltrating their contents via HTTP requests. This attack appears to be exploitable via: the victim must use...

6.5 CVSS, 6.7 AI score, 0.00571 EPSS
Exploits 1, References 4