Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 321 - 340 of 58316
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits a denial of service vulnerability in PowerDNS. In a normal DNS message, the minimum number of bytes in the Additional Section is 16. If this section contains less than 11 bytes, an error in validation will lead to a buffer overread, which then causes the pdns recursor service to terminate abnormally, leading to a denial of service condition
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a remote code execution vulnerability in the PHP imap open function on Ubuntu or Debian. This vulnerability is due to improper handling of the -oProxyCommand values when a client sends http traffic to the server which has some imap functionality. A remote attacker can exploit this vulnerability by sending crafted http requests to the target server. Successful exploitation results...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a heap buffer overflow vulnerability in libVNC LibVNCServer. The vulnerability is due to improper validation of the file transfer request size by the File Transfer extension. Successful exploitation may result in remote code execution on the target server.
CVSS: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
This strike exploits a stored Cross-Site Scripting vulnerability in WordPress MapSVG Plugin. The vulnerability is a consequence of no user input sanitization when storing the data[mapsvg data]. A successful exploitation leads to arbitrary code execution in visitors browsers or credentials theft.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits an out-of-bounds write in Netatalk package. The vulnerability is due to a missing bounds check in the handling of the DSI Opensession command. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target application. Successful exploitation could lead to arbitrary code execution with privileges of the root user.
CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
This strike exploits an SQL injection vulnerability in Dolibarr ERP-CRM. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit. this by sending a specifically crafted rowid parameter, potentially resulting in the execution of SQL commands which may lead to information disclosure.
CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
This strike exploits a information disclosure vulnerability found in Cisco Small Business RV320 and RV325 routers. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Apple WebKit. Specifically, the vulnerability exists in the AbstractValue Set method. Javascript can be crafted in such a way that the attacker can write into the immutable butterfly of a Copy on Write array. This can lead to a Use-After-Free condition causing a denial of service or potentially lead to remote code execution.
CVSS: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
This strike exploits a use-before-initialization vulnerability in VLC Media Player. The vulnerability arises when a memory allocation fails due to a large enough ChunkSize flag, thus leaving the p peek pointer unintialized. By exploiting this, an attacker could cause information leaks on the target system.
CVSS: 4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N)
This strike exploits a reflected XSS vulnerability inside the Samsung DVR Web Viewer. Web Viewer is vulnerable to a cross-site scripting attack that will allow remote attackers to inject code.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits a null pointer dereference vulnerability in Microsoft Edge browser. The vulnerability resides in the way the browsers engine handles dynamically created namespacesURI elements. By exploiting the vulnerability an attacker is able to cause denial of service conditions on targets browser.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose. To trigger this vulnerability, an attacker must send a specially crafted MQTT SUBSCRIBE packet over the network, without a preliminary CONNECT packet. Successful exploitation results in remote code execution or denial of service conditions of the application.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a Use-After-Free in com.adobe.tvsdk.mediacore.metadata. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process.
CVSS: 6.8 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
This strike exploits a vulnerability in Webkit. Specifically, it is possible to create an array having a Proxy object in the prototype chain. This may cause a denial of service condition in the browser or allow for remote code execution to occur.
CVSS: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
This strike exploits an information disclosure vulnerability in the Mozilla Firefox browser. Specifically, the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that result in the stack pointer being off by 8 bytes. When this occurs a memory address gets leaked that can be used as part of an exploit. This strike demonstrates the information disclosure by dumping the leaked...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Internet Explorer Out-Of-Bound write. Specifically, the vulnerability exists in the Javascript JsArrayFunctionHeapSort. It is possible to craft Javascript in such a way that will cause a denial of service condition in the browser.
CVSS: 5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)
An exploitable stack-based buffer overflow exists in Losant Arduino MQTT client library. The vulnerability is a result of improper checks when a MQTT PUBLISH packet is received by the client which leads to certain memory areas from the stack to be overwritten. By controlling a rogue server, an attacker may be able to obtain code execution on connected MQTT peers.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a buffer overflow vulnerability in Microsoft Outlook client. The vulnerability is due to insufficient input validation of an unknown header field of Outlook Rules RWZ files. A remote attacker could exploit this vulnerability by enticing a user to import a maliciously crafted file. Successful exploitation could lead to arbitrary code execution in the context of the user.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
A denial of service vulnerability exists in Eclipse Mosquitto broker. The vulnerability is due to a flaw in the module that handles Publish messages. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed message to the target service. Successful exploitation could crash the vulnerable application.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a OS command injection vulnerability found in Cisco Small Business RV320 and RV325 routers. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by crafting a special HTTP POST request. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root.
