
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a buffer overflow vulnerability in an IBM SPSS SamplePower ActiveX control. Remote attackers can use this vulnerability to execute arbitrary code on the target user's machine.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

This strike exploits a file upload vulnerability in Apache Flink. The vulnerability is due to insufficient input validation while uploading files in the FileUploadHandler class. A remote, unauthenticated attacker can exploit this vulnerability by submitting a crafted request to the target server, resulting in the writing of an arbitrary file to any location writable by the target server. *NOTE: When...

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a stack-based buffer overflow vulnerability in BACnet OPC Client. The vulnerability is due to insufficient validation of user-supplied input when parsing CSV files. Opening a specially crafted CSV file can lead to arbitrary code execution.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a remote code execution vulnerability in Microsoft Internet Explorer. The vulnerability is due to insufficient input validation in the MSHTML CTreePos structure. An attacker could exploit this vulnerability by convincing a user to open a malformed HTML page, which could lead to remote code execution.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in Microsoft Internet Explorer (IE). The vulnerability occurs when Internet Explorer attempts to access a previously freed object. By enticing a user to view a malicious web page, an attacker can remotely execute arbitrary code.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

rConfig 3.9.4 and previous versions have an unauthenticated SQL injection vulnerability. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a stack-based buffer overflow vulnerability in Fat Media player when handling long strings inside WAV files.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in an EasyMail Quicksoft ActiveX control. Because input is not properly validated, a large amount of data passed to the CreateStore method causes a buffer to overflow.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits an arbitrary file overwrite vulnerability in the HP ALMs XGO ActiveX control, which is due to improper input sanitization. Remote attackers may execute arbitrary code on the target system.

CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

This strike exploits a path traversal vulnerability in Nagios XI versions prior to 5.8.5. This vulnerability is due to improper validation of the job parameter in the autodiscovery feature. A remote authenticated attacker can exploit this vulnerability by sending a crafted request. Successful exploitation could result in arbitrary file creation and furthermore can result in arbitrary code being...

CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

This strike exploits a heap buffer overflow in 3S Smart Software Solutions CoDeSys Gateway Server. If an IEC 61131 GS PUT File packet is received with a negative FileSize parameter, a heap buffer used for the file content will fail to be reallocated and can be easily overflowed. Successful exploitation can result in execution of arbitrary code with privileges of the Gateway Server service, or abnormal...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This...