Important Information

On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.

CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.

For details, click here.

Displaying 601 - 620 of 58316

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to create Javascript in such a way that a change to the opcode of an instruction can generate a bailout but some calling patterns are not considered, and some pointers are not freed or unlinked. This may lead to a denial of service condition in the...

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that will allow for an integer overflow to occur because a bounds check is calculated incorrectly when the code is JITed. This may lead to a denial of service condition in the browser, or potentially remote code...

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in Javascript Chakra engine. It is possible to craft Javascript in such a way that type confusion can occur when handling LdThis objects. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a stack corruption vulnerability in Digium Asterisk. SIP SUBSCRIBE messages with multiple malformed Accept headers will cause stack corruption. Successful exploitation may result in arbitrary code execution or abnormal termination of the Asterisk service.

CVSS: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)

This strike exploits a cross-site scripting vulnerability in ManageEngine Recovery Manager Plus software. This vulnerability is due to inadequate input filtering in the web interface, while creating a new technician within the technicianAction.do form. By exploiting this vulnerability an attacker could cause arbitrary HTML/script code to be executed by the target users browser.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the javascript Chakra engine. It is possible to create javascript in such a way that an out of bounds read can occur in ASM.js. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits an insecure deserialization vulnerability in FasterXML jackson-databind. The vulnerability is due to improper validation of user input used in deserialization and instantiation of Java objects. This is an incomplete fix for CVE-2017-7525. By sending a maliciously crafted JSON input, an attacker could achieve remote code execution in the context of the vulnerable application....

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the javascript Chakra engine. Javascript can be crafted in such a way that allows a heap overflow to occur when making a call to the ArrayReverse helper function. This may cause a denial of service condition in the browser, or potentially lead to remote code execution.

CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

This strike exploits a null pointer dereference vulnerability in Squid Proxy Server. Due to an implementation error, a null pointer dereference occurs when Squid attempts to fetch HTML fragments from esi:include elements. This dereference results in a segmentation fault, leading to abnormal termination of the Squid process.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

This strike exploits a content detection bypass in Suricata. Suricata has state dependent connection, and as such will not perform some detection on TCP session which has not completed the TCP handshake and become established. However, many HTTP client applications, such as wget, curl, and some web browsers, will still process data received before the TCP session is established. An attacker could...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a local file information disclosure vulnerability in YAWS application. The root cause of this flaw is a directory traversal vulnerability. The vulnerability is due to invalidation of user input sent in requested URLs. Successful exploitation will allow an attacker to obtain sensitive information from the server, including SSL private key, configuration files and access logs....

CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:N/A:P)

This strike exploits an out-of-bounds read vulnerability in Dovecot. If multiple To or From fields are present and certain special character requirements are met, such as the inclusion of the or [ characters without the corresponding closing characters, a heap buffer over-read will occur. An attacker can send a specially crafted SMTP message to exploit this vulnerability. Successful exploitation may...

CVSS: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

A stack buffer overflow has been identified in Flexsense SyncBreeze Enterprise appliance. The vulnerability is caused by the lack of proper bound checking of the URI within HTTP requests processing. The vulnerability can be exploited by sending a specially-crafted HTTP request, allowing the attacker arbitrary code execution with SYSTEM privileges.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a buffer overflow vulnerability in Advantech WebAccess. The vulnerability is due to lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. A specially crafted DCE/RPC request can overflow a buffer, which could lead to arbitrary code execution or abnormal termination within the context of the WebAccess process.

CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

This Strike exploits a blind SQL injection in WordPress Pie Register plugin. The vulnerability is due to insufficient user input sanitization passed to order parameter. A specially crafted HTTP GET request can cause a SQLi in the context of the database user.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a SQL injection vulnerability in Advantech WebAccess Node. The vulnerability is due to lack of proper validation of user-supplied data used to construct SQL queries. A specially crafted HTTP request could allow the attacker to access and modify sensitive information within the SQL database.

CVSS: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)

This strike exploits a cross-site scripting vulnerability in Joomla! CMS equipped with Gridbox extension. This vulnerability is due to inadequate input filtering in the web interface, while parsing the input from app and category parameters. By exploiting this vulnerability an attacker could cause arbitrary HTML/script code to be executed by the target users browser or stole the victims cookie....

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Windows Font Library. The vulnerability is caused by improper handling of a Format 12 mapping tables in a TrueType Font file. A remote attacker could exploit the vulnerability to execute arbitrary code or cause a denial of service by enticing a user to open a specially crafted TrueType file.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in Javascript Chakra engine. It is possible to craft Javascript in such a way that will cause an OOB read/write to occur when dealing with loop optimization. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a Use-After-Free vulnerability in VideoLan VLC Media Player. The vulnerability is due to unsafe parsing of the Use-After-Free objects within the MKV header. An attacker may potentially leverage the vulnerability by specially crafting MKV files, to corrupt sensitive data or execute arbitrary code. Failed exploit attempts will likely result in denial of service conditions.

Pages