Important Information

On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.

CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.

For details, click here.

Displaying 461 - 480 of 38630

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Microsoft VBScript Engine. Specifically the vulnerability fakes and overrides the array object to perform arbitrary address reading and writing. In the end, it releases code to execute after constructing an object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a heap buffer overflow vulnerability in H2O Webserver. H2O Webserver has a function to allocate sufficient memory for large HTTP headers, however, in certain cases the buffer position pointer may become negative or overly large. In this case, the buffer will not be reallocated, leading to a buffer overflow. An attacker can exploit this vulnerability by sending a specially crafted...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a Use-After-Free vulnerability in the JavaScript engine of Foxit PDF Reader. This vulnerability is due to improper handling of an annotation object while invoking the mailForm method of the active document. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability found in WinBox tool for MikroTik RouterOS. The vulnerability is due to improper verification of session ID field in the authentication step. By successfully exploiting this vulnerability, an attacker can obtain the admin credentials of the device.

CVSS: 9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)

This strike exploits an out of bounds read vulnerability in Kamailio SIP server. The vulnerability is due to missing input validation in the build res buf from sip req core function, when processing the To header. An attacker can exploit this vulnerability by sending a specially crafted SIP REGISTER request containing a header with two To headers, first of them having an empty tag value. Successful...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists in the v8 Javascript engine. It is possible to craft Javascript in such a way that will allow for out of bounds memory to be accessed. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

This strike exploits a SQL injection in OpenEMR open-source project. The vulnerability is due to insufficient user input sanitization passed through the URI, addressing various PHP scripts. A specially crafted HTTP GET request can cause a SQLi in the context of the database user.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits an authentication bypass on Datalust Seq web server. This vulnerability is due to improper use of a HTTP parameter Name:isauthenticationenabled under HTTP PUT request. A remote attacker can exploit this vulnerability by sending crafted HTTP PUT request to the system. Successful exploitation results in authentication bypass on target server.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a directory traversal vulnerability in Perl Archive. The filename field of zip files is not sanitized for directory traversal characters. Files unzipped with Perl Archive may overwrite files in the location specified in the directory traversal. An attacker can exploit this by sending a specially crafted zip file to the target and enticing them to use Perl Archive to unzip the...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a heap Use-After-Free vulnerability in VCFTools program package. The vulnerability is due to inexistent validation of FORMAT input contained within the VCF file to be analyzed. An attacker could potentially run arbitrary code or possibly have unspecified other impact on the target system by enticing a user to analyze a maliciously crafted VCF file.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in Javascript Chakra engine. Because there is not an Integer Overflow check in place, it is possible to craft Javascript in such a way that causes a bug to occur when LowerSetConcatStrMuliItem is called to concatenate strings. This may lead to a denial of service condition in the browser, or...

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. It is possible to cause a heap buffer to overflow by creating new objects with specific elements as arguments that repeat in javascript. When this code is executed a buffer overflows and a denial of service condition occurs. Remote code execution may also be possible.

CVSS: 5.8 (AV:N/AC:M/Au:N/C:P/I:N/A:P)

This strike exploits an out-of-bounds read vulnerability in Adobe Acrobat Reader. The vulnerability is due to improper parsing of an embedded font by the CoolType module. An exploit could be triggered by opening a crafted XPS document. Successful exploitation could result in information disclosure which could be used to further compromise the target system.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a command injection vulnerability in Zyxel EMG2926 home router. The vulnerability is due to improper validation of input passed to nslookup function located in the diagnostic tools. By exploiting this vulnerability, a remote unauthenticated attacker can execute arbitrary OS commands on the target router.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a use-afer-free vulnerability in Foxit Reader. This vulnerability is due to improper handling of an annotation object. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

The strike exploits an OS command injection vulnerability in Horde Groupware Webmail client. The vulnerability originates from the lack of sanitization in handling the generate email parameter when generating PGP keys. The parameter will be later passed as a command line argument to the gpg binary, allowing arbitrary commands execution on the host system.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

An insecure deserialization vulnerability was found in Oracle WebLogic Server. The vulnerability is due to insufficient validation of serialized data within T3 requests. The vulnerability can be exploited by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the context of the user running WebLogic.

CVSS: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)

This strike exploits a store cross-site scripting vulnerability in Open-AudIT Community 2.2.6. This vulnerability is due to improper http input filtering the parameter groups. By exploiting this vulnerability an attacker could cause arbitrary HTML/script code to be executed by the target users browser.

CVSS: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a stack buffer overflow vulnerability in OMRON CX-One CX-Montion. The vulnerability is due to improper parsing of the parameters in a MCI configuration file. An attacker can entice a target to open a specially crafted MCI configuration file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the application...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in Javascript v8 engine. It is possible to craft Javascript in such a way that when the main thread parses the WebAssembly Code, the worker thread can also modify this code at the same time causing out of bounds memory access. This may lead to a denial of service condition in the browser, or...

Pages