Important Information

On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.

CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.

For details, click here.

Displaying 301 - 320 of 58316

CVSS: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a buffer overflow vulnerability found in MatrixSSL. The vulnerability is due to improper validation of user-supplied key size within pubRsaDecryptSignedElementExt. An attacker could exploit this vulnerability by crafting special X.509 certificate. A successful exploit could lead to arbitrary code execution or crash of the vulnerable application.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically a type confusion vulnerability exists inside the Chakra Javascript engine InitClass. It is possible for an attacker to craft javascript code in such a way that type confusion will cause a memory access violation to occur. This may lead to remote code execution or a denial of service condition in the browser.

CVSS: 8.0 (AV:N/AC:L/Au:S/C:C/I:P/A:P)

An OS command injection vulnerability exists in LibreOffice via path traversal in event listeners functionality. The vulnerability is due to missing string sanitization when parsing event listener script sources. By enticing an user to open a crafted fodt document, an attacker may achieve remote code execution on the target system.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a SQL injection vulnerability in the JE Photo Gallery component 1.1 for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

An integer overflow vulnerability has been discovered in ZeroMQ libzmq library. The vulnerability is due to improper sanitization of user-supplied data passed to zmq::v2 decoder t::size ready function when handling ZMTP messages. A remote attacker could exploit this vulnerability by sending a specially crafted packet to the vulnerable service. Successful exploitation could result in the execution of...

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike executes a vulnerability in a Microsoft Windows Contact file. Specifically a remote attacker can execute arbitrary code on Microsoft Windows by performing code injection in the email field of a Windows Contact file.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

A heap overflow vulnerability exists in the dhcpcore.dll component of Windows DHCP Client. The vulnerability is triggered by two subsequent null bytes in a Domain Search DHCP Option within a DHCP Offer packet, followed by an arbitrary number of bytes, causing a zero-length buffer to be written, thus overwriting a invalid memory space. By exploiting the vulnerability, an attacker may be able to...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a remote code execution in ThinkPHP framework. The flaw is rooted within the invokefunction method as a consequence of no parameter validation. A remote, unauthenticated attacker may thus be able to execute code on the vulnerable Machine with the permissions of the user running the web server.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

A remote code execution vulnerability exists in the Cisco IOS Software and Cisco IOS XE Software. The vulnerability is due to improper validation of packet data in the Smart Install feature. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed packet to the target service. Successful exploitation could lead to arbitrary code execution or denial of service DoS...

CVSS: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

This strike exploits an ACL bypass vulnerability in Mosquitto. If the username or client ID field is set to # or +, ACLs will be completely bypassed. An attacker can send a crafted mqtt message to access mqtt topics without proper ACL rights.

CVSS: 6.1 (AV:L/AC:L/Au:N/C:P/I:P/A:C)

This strike exploits a integer overflow vulnerability found in SQLite with the FTS3 extension enabled. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by crafting special FTS3 shadow tables. A successful exploit could allow the attacker to execute arbitrary SQL statements.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike executes a vulnerability in Icona SpA C6 Messenger. When the DownloaderActiveX Control propPostDownloadAction parameter is set to run, a remote attacker can download and execute a file via a URL in propDownloadUrl parameter. This strike sends the initial html that contains these parameters before they make an outbound request to receive a malicious file via the propDownloadUrl parameter...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

A heap buffer overflow exists in Rockwell Automation RSLinx Classic. The vulnerability is due to a flaw in the module that processes EtherNet/IP SendRRData messages. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed packet to the target service. Successful exploitation could lead to arbitrary code execution or crash of the vulnerable application.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a buffer overflow vulnerability in OMRON CX-One CX-Position. When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application. Successful exploitation could lead to arbitrary code execution.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution in Zoho ManageEngine OpManager. The vulnerability is due to deserialization of untrusted data by the DataMigrationServlet component. A remote attacker can exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation results in remote code execution.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits an vulnerability in the Microsoft Edge browser. Specifically the vulnerability exists inside the Javascript Chakra engine. It is possible to craft Javascript in such a way that when a push or pop method is used on an object with a numeric property the associated InlineArrayPop or InlineArrayPush instruction is called. It is possible to cause type confusion allowing for a denial...

CVSS: 6.8 (AV:N/AC:L/Au:S/C:C/I:N/A:N)

This strike exploits a cross-site scripting vulnerability in Webmin. The vulnerability results from the lack of sanitization when displaying the POST parameter history in /shell/index.cgi. A successful exploitation leads to arbitrary code execution in visitors browsers or credentials theft.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

A stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose. The vulnerability is due to insufficient input validation when processing MQTT SUBSCRIBE messages within mg mqtt broker handle subscribe method. To trigger this vulnerability, an attacker must send a specially crafted MQTT packet over the network. Successful exploitation results in remote code...

CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

This strike exploits a denial of service vulnerability in Mosca MQTT broker. When evaluating an invalid regex contained in an MQTT subscribe message, Mosca will terminate abnormally, leading to a denial of service condition.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a stack buffer overflow in Hewlett Packard Enterprise HPE Intelligent Management Center IMC. An overly long user supplied curDir parameter sent to the dbman service gets written to a stack-based buffer with a fixed size causing a buffer overflow to occur. This can cause a denial of service condition to occur or potentially allow for remote code execution.

Pages