Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability
IBM InfoSphere Information Server is a data integration platform from IBM in the United States. IBM InfoSphere Information Server version 11.7 contains a cross-site scripting vulnerability. The vulnerability stems from the program's lack of data validation filtering of user-supplied data and...
nopCommerce Cross-Site Scripting Vulnerability (CNVD-2022-70103)
nopCommerce is an open source general-purpose e-commerce platform. nopCommerce version 4.50.1 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the "Text" parameter when creating a new post. An attacker...
Oracle MySQL Cluster Data Node Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue results from the lack of proper...
GalleryCMS Cross-Site Scripting Vulnerability
GalleryCMS is a free image gallery CMS based on the CodeIgniter 2.1 framework from Aaron Benson, a US-based individual developer. GalleryCMS v2.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation in the albumname parameter in /index.php/album/add for...
CVE-2022-29499
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA...
Remote code execution
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA...
CVE-2022-29499
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. Recent assessments: Assessed Attacker Value: 0...
NVIDIA Jetson Buffer Error Vulnerability
NVIDIA Jetson is an embedded system development module from NVIDIA Corporation. The NVIDIA Jetson Linux Driver Package suffers from a buffer error vulnerability that stems from insufficient validation of untrusted data, which could be exploited by a local attacker to cause a memory buffer overflo...
KLA12517 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. Implementation vulnerability in Input can...
GalleryCMS Cross-Site Scripting Vulnerability
GalleryCMS is a free image gallery CMS based on the CodeIgniter 2.1 framework from Aaron Benson, a US-based individual developer. GalleryCMS v2.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation in the albumname parameter in /index.php/album/add for...
The vulnerability of the `stream_get_meta_data` function in the PHP programming language exists due to insufficient checks on input data, allowing attackers to compromise the integrity of the information.
The vulnerability of the `stream_get_meta_data` function in the PHP programming language exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the integrity of information...
GLPI Cross-Site Scripting Vulnerability (CNVD-2022-44239)
GLPI is an open source IT and asset management software from a personal developer. The software provides a full-featured IT resource management interface that you can use to build a database to fully manage IT computers, monitors, servers, printers, network devices, phones, even toner cartridges...
chatwoot cross-site scripting vulnerability
chatwoot is a customer engagement suite, an open source alternative to Intercom, Zendesk, Salesforce Service Cloud, etc. chatwoot suffers from a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An...
Integer bounds error in Vyper
Impact: In the following code, the return of `.returns_int128()` is not validated to fall within the bounds of `int128`. As of v0.3.0, `.returns_int128()` is validated in simple expressions, but not complex expressions. `interface iface: def returns_int128() -> int128: view def returns_Bytes33() -> Bytes[33]: view`...
Zimbra Cross-Site Scripting Vulnerability
Zimbra Collaboration aka ZCS version 9.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on the client side...
MISP Cross-Site Scripting Vulnerability (CNVD-2022-64093)
MISP is an open source software solution. The product is used to collect, store, distribute, and share network security metrics and has features such as threat network security event analysis and malware analysis. A cross-site scripting vulnerability exists in versions prior to MISP 2.4.158, which...