3218 matches found
GHSA-6476-G47X-H3C7 PyFriBidi Buffer overflow in the fribidi_utf8_to_unicode function
Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a denial of service application crash via a 4-byte utf-8 sequence...
PyFriBidi Buffer overflow in the fribidi_utf8_to_unicode function
Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a denial of service application crash via a 4-byte utf-8 sequence...
Security Bulletin: IBM System x and Flex Systems Potential Denial of Service Due to Weak IPv4 and IPv6 Sequence Numbers
Summary: Potentially predictable IPv4 and IPv6 sequence numbers generated by Linux kernels before version 3.1 may make it easier for remote attackers to cause a denial of service or hijack network sessions. Vulnerability Details: Abstract: Potentially predictable IPv4 and IPv6 sequence numbers...
Fluentd Escape Sequence Injection Vulnerability
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
GHSA-5JRP-W8FR-MRWW Fluentd Escape Sequence Injection Vulnerability
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
Fluentd Escape Sequence Injection Vulnerability
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
CVE-2022-27172
A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability...
OpenV2G Security Vulnerability
The primary scope of the OpenV2G project is to provide an open source implementation of the latest draft of the ISO/IEC Vehicle-to-Grid Communication Interface V2G CI standard.A memory corruption vulnerability exists in Siemens OpenV2G due to a missing length check in the OpenV2G EXI parsing...
CVE-2021-26339
A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers...
OESA-2022-1648 vte security update
VTE is a terminal emulator widget for use with GTK+ 2.0. Security Fixes: The VteTerminal in gnome-terminal vte before 0.32.2 allows remote authenticated users to cause a denial of service long loop and CPU consumption via an escape sequence with a large repeat count value.CVE-2012-2738...
Siemens OpenV2G memory corruption vulnerability
The primary scope of the OpenV2G project is to provide an open source implementation of the latest draft of the ISO/IEC Vehicle-to-Grid Communication Interface V2G CI standard.A memory corruption vulnerability exists in Siemens OpenV2G due to a missing length check in the OpenV2G EXI parsing...
PT-2022-9727 · Amd +1 · Amd Cpus +1
Name of the Vulnerable Software and Affected Versions: AMD CPU affected versions not specified Description: A bug in AMD CPU's core logic may allow an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang, resulting in a potential denial of service. The specific code...
NewStart CGSL CORE 5.05 / MAIN 5.05 : xterm Vulnerability (NS-SA-2022-0032)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has xterm packages installed that are affected by a vulnerability: - xterm before Patch 366 allows remote attackers to execute arbitrary code or cause a denial of service segmentation fault via a crafted UTF-8 combining charact...
NewStart CGSL CORE 5.05 / MAIN 5.05 : screen Vulnerability (NS-SA-2022-0035)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has screen packages installed that are affected by a vulnerability: - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service invalid write access and application crash or possibly have...
Fedora: Security Advisory for plantuml (FEDORA-2022-930b54aa84)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: plantuml-1.2022.4-1.fc36
PlantUML is a program allowing to draw UML diagrams, using a simple and human readable text description. It is extremely useful for code documenting, sketching project architecture during team conversations and so on. PlantUML supports the following diagram types - sequence diagram - use case...
The vulnerability of the Apache Superset data visualization software lies in the lack of validation for XML objects’ sequences, which allows attackers to carry out attacks based on SQL injections.
The vulnerability of Apache Superset’s data visualization software lies in the lack of validation for the consistency of XML objects. Exploiting this vulnerability allows a remote attacker to carry out attacks based on SQL injections...
CVE-2022-28391
An escape sequence injection attack was found in BusyBox on Alpine. For this issue to occur, a remote host's virtual terminal must contain an escape sequence, and the victim must then execute netstat. This flaw allows an attacker to inject arbitrary code, leading to a loss of integrity...
[SECURITY] Fedora 35 Update: plantuml-1.2022.2-1.fc35
PlantUML is a program allowing to draw UML diagrams, using a simple and human readable text description. It is extremely useful for code documenting, sketching project architecture during team conversations and so on. PlantUML supports the following diagram types - sequence diagram - use case...
CVE-2022-27577
The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise servic...