3037 matches found
Input validation
A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function tha...
CVE-2022-20944 Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution Vulnerability
A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function tha...
CVE-2022-20944
CVE-2022-20944 concerns Cisco IOS XE for Catalyst 9200 Series Switches. It exploits an improper check in the image verification that occurs during system boot, allowing an unauthenticated, physical attacker to load unsigned software and potentially boot malicious code or bypass the verification ...
Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2022-2464)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP8 : ImageMagick (EulerOS-SA-2022-2464)
According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, whe...
Cisco Catalyst 9200 Series Switch Data Forgery Issue Vulnerability
Cisco Catalyst 9200 Series Switches is a switch from Cisco, U.S. A data forgery vulnerability exists in the software image validation feature of Cisco Catalyst 9200 Series Switches, which could be exploited by an attacker to execute unsigned code at system startup...
Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution (cisco-sa-ios-xe-cat-verify-D4NEQA6q)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned...
CVE-2022-20944
A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function tha...
PT-2022-6390 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches versions prior to 16.11.1. Description: A vulnerability in the software image verification functionality could allow an unauthenticated, physical attacker to execute unsigned code a...
Cisco Catalyst 9200 Series Switches Data Forgery Issue Vulnerability
Cisco Catalyst 9200 Series Switches is a switch from Cisco, U.S. A data forgery vulnerability exists in the software image validation feature of Cisco Catalyst 9200 Series Switches, which could be exploited by an attacker to execute unsigned code at system startup...
Security Bulletin: IBM Tivoli Federated Identity Manager OpenID: signature validation not applied to all attributes (CVE-2012-6359)
Abstract. Summary: An OpenID message can be modified to contain unsigned attributes that will be accepted by a relying party because Tivoli Federated Identity Manager (TFIM) does not check that all attributes have been signed. Vulnerability details: CVE: CVE-2012-6359. Description: An OpenID...
September 20, 2022—KB5017381 (OS Build 20348.1070) Preview
September 20, 2022—KB5017381 (OS Build 20348.1070) Preview. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note: Follow @WindowsUpdate to fi...
GSD-2022-1004990 arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level
arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.7 by...
DEBIAN-CVE-2021-20224
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum function in MagickCore/quantum-export.c. Function calls to GetPixelIndex could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead t...
UBUNTU-CVE-2021-20224
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum function in MagickCore/quantum-export.c. Function calls to GetPixelIndex could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead t...
ImageMagick Input Validation Error Vulnerability
ImageMagick is a set of open-source image processing software from the American company ImageMagick. The software can read, convert, or write images in a variety of formats. ImageMagick has a security vulnerability, the vulnerability stems from its MagickCore/quantum-export.c component of the...
CVE-2022-30262
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have n...
LibTIFF Numeric Error Vulnerability
LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files. The library contains some command line tools for working with TIFF files. A numeric error vulnerability exists in the LibTIFF tiffcrop utility, which stems from having a uint32_t underflow, which can lead to...
LibTIFF Numeric Error Vulnerability
LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files. The library contains a number of command-line tools for working with TIFF files. The LibTIFF tiffcrop utility suffers from a buffer overflow vulnerability that stems from having a uint32_t underflow that could lead to...