EUVD-2020-21393

Malware in sbrugna...

Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service DoS Exploit', 'Description' = %q This module allows remote attackers to cause a denial ...

CVE-2024-32973 Remote for TLS session may be trusted despite constraints in Pluto lang

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically-crafted certificate to fool Pluto into trusting it to be the intended remote for the TLS session...

CVE-2023-4256

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpeditdltcleanup function within plugins/dltplugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a...

CVE-2023-27997

A heap-based buffer overflow vulnerability CWE-122 in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all...

CVE-2023-1894

A Regular Expression Denial of Service ReDoS issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...

CVE-2023-27999

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

FortiWeb & FortiADC - OS command injection in CLI

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiWeb & FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

Fortinet Fortigate Heap-based buffer overflow in sslvpnd (FG-IR-22-398)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-398 advisory. - A heap-based buffer overflow vulnerability CWE-122 in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 throu...

ROS-20220317-01

Apache HTTP Server web server vulnerability is related to a bounds error in LimitXMLRequestBody. Exploitation vulnerability could allow an attacker acting remotely to cause memory corruption and execute arbitrary code on the target system Apache HTTP Server web server vulnerability is related to...

Denial Of Service (DoS)

github.com/hashicorp/consul is vulnerable to denial of service DoS attacks. A remote attacker with service:write permission is able to register a specifically-crafted service on clusters with at least one ingress gateway configured, resulting in denial of service conditions in the server...

(0Day) Hewlett-Packard Data Protector EXEC_INTEGUTIL Remote Command Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within specifically crafted EXECINTEGUTIL messages. A remote attacker can inje...