168 matches found
PT-2022-19275 · F-Secure · F-Secure Atlant
Name of the Vulnerable Software and Affected Versions: F-Secure Atlant (affected versions not specified). Description: A Denial-of-Service (DoS) issue was discovered in the fsicapd component used in certain F-Secure products. When scanning larger packages or fuzzed files, the component consumes too mu...
PT-2022-13778 · Unknown · Tildearrow Furnace
Name of the Vulnerable Software and Affected Versions: tildearrow Furnace versions prior to the patch 0eb02422d5161767e9983bdaa5c429762d3477ce. Description: A denial of service issue was discovered, classified as problematic, resulting from an incomplete fix of a previous issue. This issue can be...
The vulnerability of the put_qpel_0_0_fallback_16 function in the h.265 Libde265 implementation allows an attacker to trigger a service failure.
The vulnerability of the put_qpel_0_0_fallback_16 function in the h.265 Libde265 implementation is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created file...
CVE-2022-0982 Buffer Overflow via crafted client request in Accel-PPP v1.12
The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger...
CVE-2022-0982
The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger...
CVE-2021-44747
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the...
CVE-2022-24705
The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigge...
Exploit for CVE-2021-24086
CVE-2021-24086 This is a proof of concept for CVE-2021-24086...
Pexip Infinity Input Validation Error Vulnerability
Pexip Infinity is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity's call setup is vulnerable to an input validation error. An unauthenticated remote attacker can use this vulnerability to trigg...
phpGACL SQL Injection Vulnerability
phpGACL is an open source PHP class that gives Web developers a simple but powerful "insert" permission system for use in their current Web-based applications. phpGACL version 3.3.7 has a SQL injection vulnerability, which stems from SQL injection in the program's admin/edit group.php page...
The vulnerability of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) system, related to an exception handling error, allows an attacker to trigger a service failure.
The vulnerability of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) system is related to an exception handling error. Exploiting this vulnerability could allow a malicious actor to trigger a service failure remotely...
jenkins: stored XSS vulnerability in 'trigger builds remotely'
A flaw was found in Jenkins versions prior to 2.251 and LTS 2.235.3. The remote address of hosts starting a build via 'Trigger builds remotely' is not properly escaped, leading to a potential stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or...
CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2020-51391)
CloudBees Jenkins (Hudson Labs) is a Java-based continuous integration tool from the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some scheduled tasks. LTS is a long-term support for...
CVE-2020-2239
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
CVE-2020-2239
The CVE-2020-2239 issue affects Jenkins Parameterized Remote Trigger Plugin up to version 3.1.3. The plugin stores a secret in plaintext in the controller’s global configuration file (org.jenkinsci.plugins.ParameterizedRemoteTrigger.RemoteBuildConfiguration.xml), exposing confidential data to any...