您希望搜索哪方面的内容?
建议的搜索
No product matches found - System Exception
符合的结果
STRIKE DATABASE
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Year
Directory
Search Strikes
Showing : 1 - 20 of 10000
CVSS: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
This strike exploits a vulnerability in the Microsoft Internet Explorer browser. Specifically, the vulnerability exists in the Javascript engine. It is possible to craft Javascript in such a way that causes an out of bounds read in the jscriptRegExpFncObj::LastParen method. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
This strike exploits a vulnerability in the Microsoft Internet Explorer browser. Specifically, the vulnerability exists in the Javascript engine. It is possible to craft Javascript in such a way that causes an out of bounds read in the jscriptRegExpFncObj::LastParen method. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the javascript Chakra engine. Javascript can be crafted in such a way that allows for type confusion to occur when MinInAnArray or MaxInAnArray methods are called to return the largest or smallest of a series of numbers. The functions fail to properly validate the input and can instead change the type from a JavascriptNativeArray to a VarArray causing type confusion to occur. This may cause a denial of service condition in the browser, or potentially lead to remote code execution.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the javascript Chakra engine. Javascript can be crafted in such a way that allows for type confusion to occur when MinInAnArray or MaxInAnArray methods are called to return the largest or smallest of a series of numbers. The functions fail to properly validate the input and can instead change the type from a JavascriptNativeArray to a VarArray causing type confusion to occur. This may cause a denial of service condition in the browser, or potentially lead to remote code execution.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the javascript Chakra engine. Javascript can be crafted in such a way that allows for type confusion to occur when MinInAnArray or MaxInAnArray methods are called to return the largest or smallest of a series of numbers. The functions fail to properly validate the input and can instead change the type from a JavascriptNativeArray to a VarArray causing type confusion to occur. This may cause a denial of service condition in the browser, or potentially lead to remote code execution.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the javascript Chakra engine. Javascript can be crafted in such a way that allows for type confusion to occur when MinInAnArray or MaxInAnArray methods are called to return the largest or smallest of a series of numbers. The functions fail to properly validate the input and can instead change the type from a JavascriptNativeArray to a VarArray causing type confusion to occur. This may cause a denial of service condition in the browser, or potentially lead to remote code execution.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the javascript Chakra engine. Javascript can be crafted in such a way that allows for type confusion to occur when MinInAnArray or MaxInAnArray methods are called to return the largest or smallest of a series of numbers. The functions fail to properly validate the input and can instead change the type from a JavascriptNativeArray to a VarArray causing type confusion to occur. This may cause a denial of service condition in the browser, or potentially lead to remote code execution.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a heap overflow vulnerability related to texture compression. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in abnormal termination of the flash process.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself.
CVSS: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike exploits a Denial-of-Service vulnerability in Windows Server Message Block (SMB). The vulnerability is due to how memory is allocated by the SMB service. By sending a series of crafted packets an attacker could cause the target service to become unresponsive or require the system to be manually restarted.
CVSS: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits an unsafe Javascript API implemented in Nitro and Nitro Pro PDF Reader. The vulnerability is due to an improper validation of the file content during handling of PDF files. An attacker could write files to the file system and execute local files while bypassing the security dialog by enticing a user to open a malicious file with the vulnerable software.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator.
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits an Use After Free vulnerability in Graphics Magic. The vulnerability is due to improper management of image pointers after certain error conditions. An attacker could conduct use-after-free attacks by enticing a user to open a crafted file using the vulnerable software. NOTE: This vulnerability exists because of an incomplete fix for CVE-2017-11403.
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359.