Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitializ

Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrie

Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authent

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative p

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and p

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl < 7.84.0 stores all of

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted a

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with differe

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 an