| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected. |
| A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by issuing certain commands with filtered query results on the device. This action may cause returned messages to display confidential system information. A successful exploit could allow the attacker to read sensitive information on the device. |
| A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a temporary DoS condition. |
| A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel. |
| A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper validation of user-supplied requests to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the device to stop responding, requiring manual intervention for recovery. |
| phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the "number" part potentially parses as a number larger than 2^56. This vulnerability is fixed in 0.3.6. |
| Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.
|
| JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. |
| NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access. |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart. |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart. |
| blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding a maliciously crafted blurhashes over the network. These may include UTF-8 compliant strings containing multi-byte UTF-8 characters. A patch is available in version 0.2.0, which requires user intervention because of slight API churn. No known workarounds are available. |
| phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of `rust-phonenumber`, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string `.;phone-context=`. Versions `0.3.3+8.13.9` and `0.2.5+8.11.3` contain a patch for this issue. There are no known workarounds. |
| Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access. |
| Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The fix for another SSTI vulnerability using `|map`, `|filter` and `|reduce` twigs implemented in the commit `71bbed1` introduces bypass of the denylist due to incorrect return value from `isDangerousFunction()`, which allows to execute the payload prepending double backslash (`\\`). The `isDangerousFunction()` check in version 1.7.42 and onwards retuns `false` value instead of `true` when the `\` symbol is found in the `$name`. This vulnerability can be exploited if the attacker has access to: 1. an Administrator account, or 2. a non-administrator, user account that has Admin panel access and Create/Update page permissions. A fix for this vulnerability has been introduced in commit `b4c6210` and is included in release version `1.7.42.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612. |
| NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drviers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via local access. |
| A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected.
This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system. A successful exploit could allow the attacker to cause the SSH process to crash and restart, resulting in a DoS condition for the SSH service. |
| A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets.
This vulnerability is due to improper handling of certain RADIUS accounting requests. An attacker could exploit this vulnerability by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). This would eventually result in the NAD sending a RADIUS accounting request packet to Cisco ISE. An attacker could also exploit this vulnerability by sending a crafted RADIUS accounting request packet to Cisco ISE directly if the RADIUS shared secret is known. A successful exploit could allow the attacker to cause the RADIUS process to unexpectedly restart, resulting in authentication or authorization timeouts and denying legitimate users access to the network or service. Clients already authenticated to the network would not be affected.
Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) may be required. For more information, see the Details ["#details"] section of this advisory. |
| A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a continuous stream of DNS requests to an affected device. A successful exploit could allow the attacker to cause the coredns service to stop working or cause the device to reload, resulting in a DoS condition. |
