3218 matches found

NVD
added 2022/01/28 8:15 p.m., 9 views

CVE-2021-40419

A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.13620121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 10, EPSS 0.00511
Exploits 1, References 1
OSV
added 2022/01/28 8:15 p.m., 1 view

CVE-2022-21134

A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 7.5, AI score 5.8
Exploits 0, References 1
Amazon
added 2022/01/28 12:0 a.m., 2 views

Important: kernel

Issue Overview: An out-of-bounds write flaw was found in the Linux kernel's seqfile in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash or a leak of internal kernel information. The issue results from no...

CVSS 7.8, AI score 6.6, EPSS 0.01783
Exploits 6
Microsoft CVE
added 2022/01/19 8:0 a.m., 1 view

Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.

...

CVSS 9.1, AI score 8.2, EPSS 0.00368
Exploits 0
BDU FSTEC
added 2022/01/19 12:0 a.m., 1 view

The vulnerability of Thunderbird email client, Firefox and Firefox ESR browsers, arises from improper validation of an empty sequence “pkcs7” when it is transmitted as part of the certificate data. This allows attackers to execute a DoS (Denial-of-Service) attack.

The vulnerability of the Thunderbird email client, as well as browsers Firefox and Firefox ESR, is related to improper validation of an empty pkcs7 sequence that is transmitted as part of the certificate data. Exploiting this vulnerability allows a remote attacker to send a specially crafted...

CVSS 5, AI score 7, EPSS 0.00335
Exploits 0, References 14, Affected Software 9
RedhatCVE
added 2022/01/12 11:23 p.m., 69 views

CVE-2022-22747

The Mozilla Foundation Security Advisory describes this flaw as: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable...

CVSS 6.5, AI score 1.4, EPSS 0.00335
Exploits 0, References 5
RedHat Linux
added 2022/01/12 1:9 p.m., 1 view

Mozilla: Crash when handling empty pkcs7 sequence

The Mozilla Foundation Security Advisory describes this flaw as: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable...

CVSS 6.5, AI score 7.3, EPSS 0.00335
Exploits 0, References 6
RedHat Linux
added 2022/01/12 12:35 p.m., 0 views

Mozilla: Crash when handling empty pkcs7 sequence

The Mozilla Foundation Security Advisory describes this flaw as: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable...

CVSS 6.5, AI score 7.3, EPSS 0.00335
Exploits 0, References 6
RedHat Linux
added 2022/01/12 12:27 p.m., 1 view

Mozilla: Crash when handling empty pkcs7 sequence

The Mozilla Foundation Security Advisory describes this flaw as: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable...

CVSS 6.5, AI score 7.3, EPSS 0.00335
Exploits 0, References 6
RedHat Linux
added 2022/01/12 12:8 p.m., 1 view

Mozilla: Crash when handling empty pkcs7 sequence

The Mozilla Foundation Security Advisory describes this flaw as: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable...

CVSS 6.5, AI score 7.3, EPSS 0.00335
Exploits 0, References 6
RedHat Linux
added 2022/01/12 12:4 p.m., 4 views

Mozilla: Crash when handling empty pkcs7 sequence

The Mozilla Foundation Security Advisory describes this flaw as: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable...

CVSS 6.5, AI score 7.3, EPSS 0.00335
Exploits 0, References 6
RedHat Linux
added 2022/01/12 12:4 p.m., 3 views

Mozilla: Crash when handling empty pkcs7 sequence

The Mozilla Foundation Security Advisory describes this flaw as: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable...

CVSS 6.5, AI score 7.3, EPSS 0.00335
Exploits 0, References 6
RedHat Linux
added 2022/01/12 11:59 a.m., 1 view

Mozilla: Crash when handling empty pkcs7 sequence

The Mozilla Foundation Security Advisory describes this flaw as: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable...

CVSS 6.5, AI score 7.3, EPSS 0.00335
Exploits 0, References 6
VulnCheck KEV
added 2022/01/12 12:0 a.m., 1 view

VulnCheck KEV: CVE-2011-2474

Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.../../\ sequence in a path...

CVSS 5, AI score 5.9, EPSS 0.12124
Exploits 2, References 1
CNNVD
added 2022/01/11 12:0 a.m., 2 views

Mozilla Firefox Trust Management Issue Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from a trust management issue vulnerability that stems from the fact that after the browser accepts an untrusted certificate, processing an empty pkcs7 sequence as part of the certificate data may...

CVSS 6.5, AI score 7.7, EPSS 0.00335
Exploits 0, References 21
Tenable Nessus
added 2022/01/11 12:0 a.m., 31 views

Mozilla Thunderbird < 91.5

The version of Thunderbird installed on the remote Windows host is prior to 91.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-03 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith,...

CVSS 10, AI score 7.8, EPSS 0.00609
Exploits 6, References 15
UbuntuCve
added 2022/01/07 12:15 a.m., 33 views

CVE-2021-25743

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events...

CVSS 3, AI score 6.8, EPSS 0.00257
Exploits 0, References 2
Mageia
added 2021/12/30 4:41 p.m., 46 views

Updated libtpms/swtpm packages fix security vulnerability

CryptSym: fix AES output IV CVE-2021-3505. Fixed a context save and suspend/resume problem when public keys are loaded. Reset too large size indicators in TPM2B to avoid access beyond buffer CVE-2021-3623 Restore original value in buffer if unmarshalled one was illegal Fixed out-of-bounds access...

CVSS 7.1, AI score 2.8, EPSS 0.00186
Exploits 1, References 9
OSV
added 2021/12/30 4:41 p.m., 7 views

MGASA-2021-0590 Updated libtpms/swtpm packages fix security vulnerability

CryptSym: fix AES output IV CVE-2021-3505. Fixed a context save and suspend/resume problem when public keys are loaded. Reset too large size indicators in TPM2B to avoid access beyond buffer CVE-2021-3623 Restore original value in buffer if unmarshalled one was illegal Fixed out-of-bounds access...

CVSS 7.1, AI score 5.9, EPSS 0.00186
Exploits 1, References 10
OSV
added 2021/12/25 2:15 a.m., 1 view

CVE-2021-45488

In NetBSD through 9.2, there is an information leak in the TCP ISN ISS generation algorithm...

CVSS 7.5, AI score 5.8
Exploits 0, References 2