CVE-2023-36922 OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...

K37337112: Apache Tomcat vulnerability CVE-2017-6056

Security Advisory Description It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816...

Security Bulletin: A Vulnerability in Apache Tomcat affects the IBM FlashSystem models 840 and 900

Summary There is a vulnerability in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of this vulnerability CVE-2017-6056 could allow a remote attacker to wage a denial of service attack. Vulnerability Details CVEID: CVE-2017-6056 DESCRIPTION: Apach...

Ubuntu: Security Advisory (USN-74-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CITSmart ITSM 9.1.2.22 - LDAP Injection

Exploit Title: CITSmart ITSM 9.1.2.22 - LDAP Injection Google Dork: "citsmart.local" Date: 29/12/2020 Exploit Author: skysbsb Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html Version: = 9.1.2.23 Using this LDAP query in the usernam...

CVE-2020-7464

In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure4 device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a...

CVE-2020-7464

Removed by vendor...

CVE-2020-7464

The CVE-2020-7464 issue affects the ure(4) USB Ethernet driver in FreeBSD (Realtek RTL8152/8153). A programming error can cause large frames (>2048 bytes) to be misreported as 2048 bytes, enabling an attacker to reinterpret part of a large packet as a separate packet and inject packets across ...

FreeBSD-SA-20:27.ure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:27.ure Security Advisory The FreeBSD Project Topic: ure device driver susceptible to packet-in-packet attack Category: core Module: ure Announced: 2020-09-15...

EulerOS Virtualization for ARM 64 3.0.6.0 : bind (EulerOS-SA-2020-1355)

According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespac...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2020-1355)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : bind (EulerOS-SA-2020-1141)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP...

FreeBSD : pkg -- vulnerability in libfetch (2af10639-4299-11ea-aab1-98fa9bfec35a)

A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch3 buffers. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2020 Jacqu...

pkg -- vulnerability in libfetch

A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch3 buffers...

FreeBSD -- libfetch buffer overflow

Problem Description: A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch3 buffers. Impact: An attacker in control of the URL to be fetched possibly via HTTP redirect may cause a heap buffer overflow, resulting in program...

CVE-2020-3139 Cisco Application Policy Infrastructure Controller Out Of Band Management IP Tables Bypass Vulnerability

A vulnerability in the out of band OOB management interface IP table rule programming for Cisco Application Policy Infrastructure Controller APIC could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB...

Debian DLA-2028-1 : squid3 security update

It was found that Squid, a high-performance proxy caching server for web clients, has been affected by the following security vulnerabilities. CVE-2019-12526 URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN...

CVE-2019-6467

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...

CVE-2019-6467

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...

Design/Logic Flaw

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...