Uriparser 资源管理错误漏洞

Uriparser is a Uri parsing and processing library written in C89 that strictly conforms to Rfc 3986. uriparser is vulnerable to a resource management error that stems from uriparser prior to 0.9.6 performing invalid free operations in uriNormalizeSyntax. No detailed vulnerability details are...

Uriparser 资源管理错误漏洞

Uriparser is a strictly Rfc 3986 compliant Uri parsing and processing library written in C89. A security vulnerability exists in uriparser that stems from uriparser prior to 0.9.6 performing an invalid free action in uriNormalizeSyntax...

Mozilla Thunderbird 缓冲区错误漏洞

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The software supports IMAP, POP mail protocols, and HTML mail formats. Mozilla Thunderbird suffers from a buffer error vulnerability that originates from a...

The vulnerability of Adobe Premiere Rush software, related to insufficient validation of input data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of Adobe Premiere Rush is related to insufficient validation of input data during the MP4 file syntax analysis. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

The vulnerability of the professional video editing software Adobe Premiere Pro lies in the operation beyond buffer boundaries in memory, allowing attackers to execute arbitrary code.

The vulnerability of the professional video editing software Adobe Premiere Pro lies in the fact that operations may go beyond the buffer limits in memory during the syntax analysis of 3GP files. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created...

The vulnerability of the open implementation of the OpenLDAP protocol, related to the possibility of successful assertion during syntax analysis, allows a perpetrator to perform a denial-of-service attack.

The vulnerability of the open implementation of the OpenLDAP protocol lies in the difficulty of verifying syntax analysis. Exploiting this vulnerability allows a malicious actor to perform a denial-of-service attack by sending a specially crafted request to slapd...

ROS-20211223-03

Vulnerability in an open source implementation of the OpenLDAP protocol is related to a reachability assertion. Exploitation exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted packet with a short timestamp to slapd and perform a denial of service...

Exploit for Path Traversal in Apache Http_Server

Vulnerability Name Apache Remote Code Execution CVE-2021-42...

The vulnerability of the JT Utilities and JT Open Toolkit (JTTK) application development tools, related to buffer overflow in the stack, allows an attacker to execute arbitrary code.

The vulnerability of the JT Utilities and JT Open Toolkit JTTK application development tools is related to buffer overflows in the stack during syntax analysis of JT files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the JT Utilities and JT Open Toolkit (JTTK) application development tools, related to data writing beyond the buffer limit, allows a perpetrator to execute arbitrary code.

The vulnerability of the JT Utilities and JT Open Toolkit JTTK application development tools is related to data writing outside of the buffer during JT file syntax analysis. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS S/MIME PKCS \#7 or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS X.509 OCSP or CRL functionality may be impacted depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However email clients and PDF viewers that use NSS for signature verification such as Thunderbird LibreOffice Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.

...

CLSA-2021-1639681783 Fix CVE(s): CVE-2021-3712

SECURITY UPDATE: fix assumption that ASN.1 string is NULL terminated when it exactly doesn't. - debian/patches/CVE-2021-3712.patch: backport all found cases where code relayed on assumtion that ASN.1 string is NULL terminated - CVE-2021-3712...

The vulnerability of the FATEK WinProladder controller programming software lies in the fact that the write operation can exceed the buffer boundaries into memory, allowing an attacker to execute arbitrary code.

The vulnerability of the FATEK WinProladder controller programming software lies in the fact that the write operation goes beyond the buffer boundaries into memory during the syntax analysis of project files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a...

nuclei-templates

This is a GitHub repository for a community-driven project called "Nuclei Templates". The project provides a collection of templates for the Nuclei engine to find security vulnerabilities in applications. The repository contains various files and workflows for managing and updating the templates,...

UBUNTU-CVE-2021-43527

NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be impacted. Applications using N...

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to insufficient validation of input data, allows a hacker to execute arbitrary commands.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient validation of input data during syntax analysis of image files. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

Input validation

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive...

CVE-2021-20844

CVE-2021-20844 affects Yamaha routers (RTX830, NVR510, NVR700W, RTX1210) via improper neutralization of HTTP request headers in the Web GUI, allowing a remote authenticated attacker to obtain sensitive information through a crafted page. Affected firmware versions are RTX830 &lt;=15.02.17, NVR510...

CVE-2021-38448

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...

CVE-2021-38448 Trane Symbio Improper Control of Generation of Code

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...