
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability that exists inside Apple Safari Webkit. An attacker can insert frame elements with an empty URL into a node to overflow the subframe counter. When this node is later removed, the subframes won't be detached. The attacker can also make a subframe "survive" a cross-origin page load. It is possible for the new document to inherit the security context...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

A denial of service vulnerability exists in multiple versions of Apache Tomcat HTTP server. The flaw is due to a specific memory area not being released when processing HTTP/2 'MAGIC' requests. A remote attacker may send a large number of HTTP/2 packets to crash the server due to an 'OutOfMemoryException' condition.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits an out-of-bounds read vulnerability in Foxit Studio Photo versions up to 3.6.6.916. The vulnerability is due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure when handling PSD files. An attacker could exploit this vulnerability by creating a specially crafted PSD file and enticing a user to open it. Successful...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Google Chrome. Specifically, an out-of-bounds memory access occurs when the AudioArray::Allocate function is invoked in a specific manner. When this happens, a denial of service condition, or potentially remote code execution, may occur.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits an integer overflow vulnerability reported in Foxit Reader and PhantomPDF software. This vulnerability is due to improper parsing of image files within memory. A remote attacker could exploit this vulnerability by enticing a victim user to visit a malicious web page or open a crafted image file. Successful exploitation could allow the attacker to execute arbitrary code under the...

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

A directory traversal vulnerability exists in Cisco UCS Directory. The vulnerability is due to insufficient validation of user input within the 'ApplianceStorageUtil' class. A remote authenticated attacker can exploit the vulnerability by sending malicious requests to the target server. Successful exploitation could result in arbitrary file write and remote code execution under the security...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a remote code execution vulnerability that affects Microsoft .NET Framework, SharePoint, and Visual Studio. This vulnerability is due to improper validation of the source markup of XML file input. An attacker could exploit this vulnerability by enticing a user to open a crafted document or sending maliciously crafted XML content to a server that processes the XML data using the...

CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

A remote code execution vulnerability exists in Ruby on Rails versions 5 < 5.0.1 and 4 < 4.2.11.2, due to a lack of user input validation. The vulnerability manifests itself whenever the 'locals' value for a 'render' call is set to the 'params' value. Remote attackers may exploit applications containing the above-mentioned pattern by sending a crafted HTTP request to obtain...

CVSS: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)

This strike exploits a vulnerability in Apple Webkit. Specifically, an out-of-bounds memory access occurs when the AudioArray::Allocate function is invoked in a specific manner. When this happens, a denial of service condition, or potentially remote code execution, may occur.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a use-after-free vulnerability in the WebAudio component of Google Chrome. The vulnerability is due to incorrect handling of AudioContext objects in memory. A malicious attacker can exploit this vulnerability by creating a specially crafted HTML page and convincing the target user to access it using Chrome. Successful exploitation can potentially lead to remote code execution....

CVSS: 6.9 (AV:A/AC:M/Au:N/C:C/I:C/A:N)

This strike exploits a command injection vulnerability in Axis SSI camera. If the camera is configured to allow anonymous view, a remote, unauthenticated attacker could exploit this by sending a maliciously crafted request to the server. A successful attack may result in arbitrary command execution or arbitrary file read.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a directory traversal vulnerability in Cisco Data Center Network Manager. The vulnerability is due to insufficient validation of the 'filename' HTTP parameter in the 'saveZoneInputFileToServer' method. An authenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in arbitrary file...

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a remote command execution vulnerability in ThinkPHP 5.x less than v5.0.23, v5.1.31. The vulnerability is due to improper validation of parameters in an HTTP GET request. A remote, unauthenticated attacker could exploit this by sending a maliciously crafted request to the server. A successful attack may result in arbitrary command execution in the context of the server process...

CVSS: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)

An insecure deserialization vulnerability exists in Apache Tomcat. The vulnerability is due to insufficient validation of a cached session file before deserialization. An attacker can exploit this vulnerability by crafting a malicious HTTP request. Successful exploitation results in full control of the target server.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

A use-after-free vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155 due to incorrect manipulation of objects in memory. An attacker may execute arbitrary code on a victim's system by enticing the victim to open a crafted PDF file. Successful exploitation may lead to remote code execution with the privileges of the user running the application.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Apple Webkit. Specifically, an attacker can craft JavaScript in such a way that Checked and Unchecked ArithNegate operations are incorrectly swapped during Common Subexpression Elimination. This will lead to out-of-bounds memory access on an array after being JIT compiled.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

A command injection vulnerability exists in Apache Kylin project versions 2.3.0-2.3.2, 2.4.0-2.4.1, 2.5.0-2.5.2, 2.6.0-2.6.4 and 3.0.0. The vulnerability is due to lack of validation for user-supplied input to the 'migrate' REST API endpoint. A remote authenticated attacker may execute arbitrary commands by sending a crafted POST request.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

A code execution vulnerability exists in some versions of Microsoft .NET Framework. The vulnerability is due to insecure deserialization of XPS files by the 'XamlReader::Load()' function within 'PresentationFramework.dll'. A remote attacker could exploit this vulnerability by enticing a target user to download and open a crafted XPS file, which may result in the execution of...

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Internet Explorer scripting engine. Specifically, an attacker can craft an HTML page containing a JavaScript script which creates an array of objects, and the object is reassigned in a custom sort function which then calls 'CollectGarbage()', resulting in a use-after-free condition due to a dangling pointer. A remote attacker could exploit...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Google Chrome. Specifically, an attacker can craft JavaScript in such a way that when read_requests are modified from inside the accessor, the loop's iterator becomes invalid, and continuing to iterate will cause out-of-bounds memory to be accessed. This can cause a denial of service condition in the browser or potentially lead to remote code...
