Important Information

On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.

CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.

For details, click here.

Displaying 201 - 220 of 58316

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Apple Safari Webkit. Specifically the vulnerability exists in the ByteCodeParser::handleIntrinsicCall method. It is possible to craft Javascript in such a way that will cause type confusion to occur. This can lead to a denial of service or potentially allow for remote code execution to occur.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Apple Safari Webkit. Specifically the vulnerability exists in the BytecodeGenerator::hoistSloppyModeFunctionIfNecessary method. It is possible to craft Javascript in such a way that allows for an object to be passed as the property variable directly as a string to the op get direct pname handler without being properly validated. This can lead to a denial of...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

A heap-based buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose. The vulnerability is due to insufficient input validation when processing MQTT messages within the parse mqtt method. To trigger this vulnerability, an attacker must send a specially crafted MQTT packet over the network. Successful exploitation results in remote code execution or denial of...

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a path traversal vulnerability found in Cisco Data Center Network Manager DCNM. The vulnerability is due to incorrect permission settings in affected DCNM software. An unauthenticated attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to write arbitrary files on the filesystem...

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution on the Viber Desktop. The vulnerability is due to improper sanitization of user input which is passed to the application via the DLL loading path. A remote unauthorized attacker can exploit this vulnerability by enticing the victim to open a crafted web page. Successful exploitation results in remote code execution on the victims application.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits an authentication bypass on the Redis Server. The vulnerability is due to allowing attacker load a dynamic module and execute it remotely without authentication. A remote unauthorized attacker can exploit this vulnerability by sending a crafted TCP request to the system. Successful exploitation results in remote code execution on the target server.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits a cross-site scripting vulnerability in Squid Proxy. This vulnerability is due to inadequate input filtering of user name in the web interface. An attacker could exploit this vulnerability by enticing a user to visit an attacker controlled webpage or click a malicious link. By exploiting this vulnerability an attacker could trigger reflected cross site scripting on the victims...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a directory traversal vulnerability in GrandNode Ecommerce platform. The vulnerability is due to improper sanitization of parameters passed to the LetsEncryptController module. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.

CVSS: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)

This strike simulates a stored XSS attack on Symantec DLP 15.5 MP1. The flaw exists in /ProtectManager/enforce/admin/senderrecipientpatterns/list endpoint due to lack of sanitization for the name parameter. A successful authenticated attacker is thus able gain control of victims browser.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

An OS command injection exists in Centreon 19.04.0 due to lack of sanitization when the nagios binary path is set. By exploiting this flaw, an authenticated remote attacker can run arbitrary OS commands on the target system.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Mozilla Firefox. Specifically, the vulnerability exists in the Javascript engine Spidermonkey. It is possible to craft Javascript in such a way that in IonMonkey an unexpected ObjectGroup in an ObjectGroupDispatch operation might allow for unsafe code to execute. This could cause type confusion to occur causing a denial of service condition in the browser or...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

This strike exploits an authentication bypass on the Wordpress Plugin Like Button. The vulnerability is due to not properly checking if the request is sent by an authorized user. A remote unauthorized attacker can exploit this vulnerability by sending a crafted HTTP POST request to the system. Successful exploitation results in changing the configuration of the plugin setting.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Mozilla Firefox. Specifically, the vulnerability exists in the Javascript engine Spidermonkey. It is possible to craft Javascript in such a way that IonMonkey incorrectly predicts the return type of Array.Prototype.pop. This causes type confusion to occur which can result in remote code execution.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a path traversal vulnerability found in Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-...

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

A code execution vulnerability has been reported in Microsoft Windows ActiveX Data Objects ADO. The vulnerability is due to improper handling of an object. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted file. Successful exploitation could result in the execution of arbitrary code with the victims privileges.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits an information disclosure vulnerability in Microsoft Windows GDI component. The flaw is located in bHandleCreateDIBPatternBrush function and exists due to lack of checks when parsing an EMF files BITMAPINFOHEADER fields. In order to exploit this vulnerability an attacker must entice the victim to open a malicious emf file.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a file upload vulnerability in Adobe Coldfusion. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending crafted HTTP traffic to the target server. Successful exploitation could lead to file upload and code execution on the target server.

CVSS: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

This strike exploits a directory traversal vulnerability in Cisco Prime Infrastructure EPNM. The vulnerability is due to improper sanitization of the downloadDirectory parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Apple Webkit JavaScriptCore. Specifically, the vulnerability exists when a Watchpoint jettisons code that has already been freed. This causes a Use-After-Free condition to occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits an integer overflow vulnerability in Microsoft Windows SMB Server. The vulnerability is due to improper handling of SMBv2 requests. A remote, authenticated attacker could exploit this vulnerability to execute arbitrary code on the target system.

Pages