Microsoft & Adobe Patch Tuesday (January 2022) – Microsoft 126 Vulnerabilities with 9 Critical, Adobe 41 Vulnerabilities, 22 critical

Microsoft Patch Tuesday – January 2022 Microsoft patched 126 vulnerabilities in their January 2022 Patch Tuesday release. Out of these, nine are rated as critical severity. As of this writing, none of the 126 vulnerabilities are known to be actively exploited. Microsoft has fixed problems in thei...

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns tha...

CVE-2022-21907

HTTP Protocol Stack Remote Code Execution Vulnerability...

CVE-2022-21907

HTTP Protocol Stack Remote Code Execution Vulnerability...

CVE-2022-21907

HTTP Protocol Stack Remote Code Execution Vulnerability...

Remote code execution

HTTP Protocol Stack Remote Code Execution Vulnerability...

CVE-2022-21907 HTTP Protocol Stack Remote Code Execution Vulnerability

...

HTTP Protocol Stack Remote Code Execution Vulnerability

...

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in the Microsoft Windows HTTP Protocol Stack. The following products and editions are affected:Windows 10 Version 1809 for 32-bit...

PT-2022-1390

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version, including 10 20H2, 10 21H1, 10 21H2, 10 1809, 11, Server 20H2, Server 2019, and Server versions up to 2022. Description The issue is related to a buffer overflow in the memory of the HTTP...

CVE-2021-41229

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdpcstateallocbuf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object...

Suricata 缓冲区错误漏洞

Suricata is a network intrusion detection system IDS, intrusion prevention system IPS, and network security monitoring engine developed by the Open Information Security Foundation OISF and its supporting vendors, which supports multi-threading, built-in IPv6, and the ability to load pre-defined...

Design/Logic Flaw

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdpcstateallocbuf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object...

CVE-2021-41229

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdpcstateallocbuf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object...

CVE-2021-41229

BlueZ contains a memory-leak vulnerability in the SDP path (sdp_cstate_alloc_buf) that can cause the service to be exhausted if an attacker continuously sends SDP packets. The issue is described across multiple advisories as affecting BlueZ and being mitigated by upgrading to patched BlueZ packag...

CVE-2021-25477

CVE-2021-25477 affects Mediatek RRC Protocol stack; improper error handling could cause a modem crash and remote DoS. Root cause described as error handling weakness in the Mediatek RRC stack prior to SMR Oct-2021 Release 1. Documented impact is network-exposed denial of service with potential av...

Festo SBRD-Q/SBOC-Q/SBOI-Q

SUMMARY The affected product families are cameras SBOC/SBOI and the Controller SBRD. The vulnerabilities are located within the Ethernet IP Stack from EIPStackGroup OpENer Ethernet/IP. 2. IMPACT Please consult the CVEs listed above and ICSA-21-105-02. 3. MITIGATION - Minimize network exposure...

Huawei EMUI/Magic UI Bluetooth protocol stack vulnerability

Huawei Emui is an Android-based mobile operating system. Huawei Magic UI is the operating system for Honor phones. Huawei EMUI/Magic UI has a Bluetooth protocol stack vulnerability that can be exploited by attackers to cause an infinite loop in DoS...

lwip 安全漏洞

lwip is an open source TCP/IP stack implementation. A security vulnerability exists in lwIP that allows an attacker to exploit the vulnerability to access sensitive information via a crafted 6LoWPAN packet...

Juniper Networks Junos OS 缓冲区错误漏洞

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Junos OS suffers from a buffer error vulnerability that originates from a buffer overflow vulnerability in the device's...