CVE-2020-23539
An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message. Devamını Oku
An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message. Devamını Oku
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. Devamını Oku
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Devamını Oku
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Devamını Oku
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device.…
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number. Devamını Oku
In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present. Devamını Oku
The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and…
The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely. Devamını Oku
Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php. Devamını Oku
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services. Devamını Oku
Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services. Devamını Oku