16 matches found
OESA-2025-1009 harfbuzz security update
HarfBuzz is a text-shaping engine. If you give HarfBuzz a font and a string containing a sequence of Unicode codepoints, HarfBuzz selects and positions the corresponding glyphs from the font, applying all of the necessary layout rules and font features. HarfBuzz then returns the string to you in...
HarfBuzz Security Vulnerability
HarfBuzz is a text engine for OpenType fonts from the HarfBuzz open source project. A security vulnerability exists in HarfBuzz versions 8.5.0 through 10.0.1, which stems from a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function...
CVE-2023-34989
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters...
CVE-2023-34986
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters...
CVE-2023-34988
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters...
PT-2023-6021 · Fortinet · FortiWLM
Name of the Vulnerable Software and Affected Versions: FortiWLM versions 8.5.0 through 8.5.4; FortiWLM versions 8.6.0 through 8.6.5. Description: The issue is related to an improper neutralization of special elements used in an OS command, also known as 'OS command injection'. This allows an attack...
Fortinet FortiWLC Access Control Error Vulnerability
The Fortinet FortiWLC is a wireless LAN controller from Fortinet, Inc. An access control error vulnerability exists in Fortinet FortiWLC, which stems from improperly restricted access. The following products and versions are affected: FortiWLC: 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.6.0...
Fortinet FortiWLC Buffer Error Vulnerability
The Fortinet FortiWLC is a wireless LAN controller from Fortinet. A buffer error vulnerability exists in Fortinet FortiWLC. The vulnerability stems from a boundary error in the FortiWLC's command line interface, which allows a local user to run specially crafted CLI commands to trigger access to...
Apache Tomcat 'CORS Filter' Setting Security Bypass Vulnerability
Apache Tomcat is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:tomcat";...
PT-2018-2767 · Apache +5 · Apache Tomcat +5
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 9.0.0.M1 through 9.0.4; Apache Tomcat versions 8.5.0 through 8.5.27; Apache Tomcat versions 8.0.0.RC1 through 8.0.49; Apache Tomcat versions 7.0.0 through 7.0.84. Description: The issue arises from the incorrect handling of...
Apache Tomcat Denial of Service Vulnerability (CNVD-2017-05203)
Apache Tomcat is a lightweight web application server developed under the Jakarta project of the Apache Software Foundation (United States), mainly used for the development and debugging of JSP programs for small and medium-sized systems. A denial-of-service vulnerability exists in Apache...
PT-2017-16645 · Apache · Apache Tomcat
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 8.5.0 through 8.5.12; Apache Tomcat versions 9.0.0.M1 through 9.0.0.M18. Description: The handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiti...
Unspecified Vulnerability in Oracle Fusion Middleware Outside In Technology (CNVD-2016-05430)
Oracle Fusion Middleware is a comprehensive middleware portfolio of SOA and middleware products. A security vulnerability exists in the Outside In Technology component of Oracle Fusion Middleware versions 8.5.0, 8.5.1, 8.5.2, which can be exploited by remote attackers to compromise confidentiality...
Unspecified Vulnerability in Oracle Fusion Middleware Outside In Technology (CNVD-2016-05423)
Oracle Fusion Middleware is a comprehensive middleware portfolio of SOA and middleware products. A security vulnerability exists in the Outside In Technology component of Oracle Fusion Middleware versions 8.5.0, 8.5.1, 8.5.2, which can be exploited by remote attackers to compromise confidentiality...
Unspecified Vulnerability in Oracle Fusion Middleware Outside In Technology (CNVD-2016-05425)
Oracle Fusion Middleware is a comprehensive middleware portfolio of SOA and middleware products. A security vulnerability exists in the Outside In Technology component of Oracle Fusion Middleware versions 8.5.0, 8.5.1, 8.5.2, which can be exploited by remote attackers to compromise confidentiality...
Unspecified Vulnerability in Oracle Fusion Middleware Outside In Technology (CNVD-2016-05427)
Oracle Fusion Middleware is a comprehensive middleware portfolio of SOA and middleware products. A security vulnerability exists in the Outside In Technology component of Oracle Fusion Middleware versions 8.5.0, 8.5.1, 8.5.2, which can be exploited by remote attackers to compromise confidentiality...