CWE-228

Improper Handling of Syntactically Invalid Structure

6 CVEs, Avg CVSS 6.1 (MITRE)

Critical: 0, High: 3, Medium: 2, Low: 1, PoC: 0, KEV: 0


CVE-2026-20125 HIGH This Week

HTTP Server input validation failures in Cisco IOS and IOS XE Release 3E enable authenticated remote attackers to trigger device reloads via malformed requests, causing denial of service. An attacker with valid credentials can exploit improper input handling to exhaust watchdog timers and force unexpected system restarts. No patch is currently available for this vulnerability affecting Cisco and Apple products.

Denial Of Service Apple Cisco
NVD VulDB
CVSS 3.1: 7.7, EPSS: 0.1%

CVE-2025-47736 LOW Monitor

dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8. Rated low severity (CVSS 2.9); no authentication is required. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1: 2.9, EPSS: 0.1%

CVE-2024-55594 MEDIUM This Month

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute. Rated medium severity (CVSS 5.6); remotely exploitable, with no authentication required. No vendor patch available.

Authentication Bypass Fortinet Fortiweb
NVD
CVSS 3.1: 5.6, EPSS: 0.1%

CVE-2023-42784 MEDIUM This Month

FortiWeb, a web application firewall made by Fortinet, has a flaw where it doesn't properly validate certain malformed HTTP requests, allowing attackers to execute unauthorized code or commands on affected systems. The vulnerability impacts multiple versions of FortiWeb (7.0.0-7.0.10, 7.2.0-7.2.10, and 7.4.0-7.4.6). An attacker could exploit this by sending specially crafted requests to gain control of the system and run arbitrary commands.

Fortinet
NVD
CVSS 3.1: 5.6, EPSS: 0.1%

CVE-2025-0343 HIGH This Month

Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. Rated high severity (CVSS 7.5); remotely exploitable with low attack complexity and no authentication required. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1: 7.5, EPSS: 0.2%

CVE-2024-21612 HIGH This Month

An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker. Rated high severity (CVSS 7.5); remotely exploitable with low attack complexity and no authentication required. No vendor patch available.

Denial Of Service Juniper Junos Os Evolved
NVD
CVSS 3.1: 7.5, EPSS: 0.2%