5838 matches found

BDU FSTEC
added 2022/04/13 12:00 a.m., 4 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to insufficient input data validation, allows a hacker to trigger a service failure.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor, operating remotely, to cause service failures...

CVSS: 4, AI score: 5.4, EPSS: 0.01366
Exploits: 0, References: 5, Affected Software: 1

CNVD
added 2022/04/07 12:00 a.m., 42 views

jc21 Nginx Proxy Manager Cross-Site Scripting Vulnerability

jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. jc21 Nginx Proxy Manager versions prior to 2.9.17 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could...

CVSS: 3.5, AI score: 5.1, EPSS: 0.71209
Exploits: 1, Affected Software: 1

CNVD
added 2022/04/07 12:00 a.m., 20 views

Rumble Mail Server Cross-Site Scripting Vulnerability

Rumble Mail Server is a mail server suite for SMTP ESMTPSA, HTTP, POP3 and IMAP4v1 by Daniel Gruno, a personal developer. A cross-site scripting vulnerability exists in Rumble Mail Server version 0.51.3135, which stems from the username parameter's lack of data validation filtering for user The...

CVSS: 5.4, AI score: 1.1, EPSS: 0.00574
Exploits: 1, References: 1

CNVD
added 2022/04/07 12:00 a.m., 22 views

Rumble Mail Server Cross-Site Scripting Vulnerability (CNVD-2022-63573)

Rumble Mail Server is a mail server suite for SMTP ESMTPSA, HTTP, POP3, and IMAP4v1 from Daniel Gruno, a personal developer. Rumble Mail Server version 0.51.3135 is vulnerable to a cross-site scripting vulnerability that stems from the domain and path parameters missing a data validation filter...

CVSS: 5.4, AI score: 1.9, EPSS: 0.00574
Exploits: 1, References: 1

CNVD
added 2022/04/07 12:00 a.m., 22 views

Rumble Mail Server Cross-Site Scripting Vulnerability (CNVD-2022-63575)

Rumble Mail Server is a mail server suite for SMTP ESMTPSA, HTTP, POP3, and IMAP4v1 from Daniel Gruno, a personal developer. Rumble Mail Server version 0.51.3135 is vulnerable to a cross-site scripting vulnerability that stems from the servername parameter lacking a data validation filter for...

CVSS: 5.4, AI score: 1.8, EPSS: 0.00574
Exploits: 1, References: 1

CNVD
added 2022/04/07 12:00 a.m., 17 views

Directus Cross-Site Scripting Vulnerability (CNVD-2022-81371)

Directus is a live API and application dashboard used to manage SQL database content. A cross-site scripting vulnerability existed prior to Directus version 9.7.0, which stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit this...

CVSS: 4.3, AI score: 5.8, EPSS: 0.01018
Exploits: 0, Affected Software: 1

CNVD
added 2022/04/07 12:00 a.m., 16 views

Eyecix Careerfy Cross-Site Scripting Vulnerability

Eyecix Careerfy is a WordPress theme from Eyecix Pakistan. A cross-site scripting vulnerability exists in versions prior to Eyecix Careerfy 3.9.0, which stems from the program's lack of data validation filtering of user-supplied and output data. An attacker could exploit the vulnerability to execu...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00853
Exploits: 1, Affected Software: 1

CNVD
added 2022/04/07 12:00 a.m., 16 views

HPE OneView Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in versions prior to HPE OneView 6.6, which stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could use this vulnerability to execute JavaScript code on the client side...

CVSS: 6.1, AI score: 2.7, EPSS: 0.00696
Exploits: 0, References: 1

Ubuntu
added 2022/04/06 9:21 p.m., 141 views

USN-5368-1: Linux kernel vulnerabilities

It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-23222) It was discovered that the network traffic contro...

CVSS: 9.1, AI score: 7.8, EPSS: 0.67994
Exploits: 29

Zero Day Initiative
added 2022/04/05 12:00 a.m., 23 views

Omron CX-One CX-Position NCI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NCI...

CVSS: 7.8, AI score: 4.4, EPSS: 0.01409
Exploits: 0, References: 1

CVE
added 2022/04/05 12:00 a.m., 204 views

CVE-2022-24795

The CVE-2022-24795 issue affects yajl (and its ruby binding yajl-ruby). A 32-bit size_t-based integer overflow in the reallocation logic (yajl_buf.c) can cause under-allocation when handling very large inputs (~2 GB), leading to heap memory corruption and potential process availability impact. On...

CVSS: 7.5, AI score: 7.6, EPSS: 0.03472
Exploits: 1, References: 7, Affected Software: 1

Prion
added 2022/04/04 8:15 p.m., 13 views

Code injection

AVEVA System Platform versions 2017 through 2020 R2 P01 do not properly verify that the source of data or communication is valid...

CVSS: 6.5, AI score: 7.5, EPSS: 0.00481
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2022/04/04 12:00 a.m., 2 views

Directus Cross-Site Scripting Vulnerability

Directus is a live API and application dashboard used to manage SQL database content. A cross-site scripting vulnerability existed prior to Directus version 9.7.0, which stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit this...

CVSS: 8.8, AI score: 5.6, EPSS: 0.01018
Exploits: 0, References: 5

CNNVD
added 2022/04/04 12:00 a.m., 3 views

TPCMS Cross-Site Scripting Vulnerability

TPCMS is a content management system. A cross-site scripting vulnerability exists in TPCMS version 3.2, which stems from the lack of proper validation of client-side data by the web application. An attacker could exploit the vulnerability to execute arbitrary web script or HTML by injecting a...

CVSS: 4.8, AI score: 5.6, EPSS: 0.00435
Exploits: 1, References: 2

Code423n4
added 2022/04/02 12:00 a.m., 9 views

Function getUserPastLock may return incorrect values

Vulnerability details. Impact: the userLocks array can contain elements with the same fromBlock properties, but different total locked amounts. This edge case is not considered in the implementation of getUserPastLock function, which returns a value as soon as it finds a UserLock with...

AI score: 6.7
Exploits: 0

NVD
added 2022/04/01 11:15 p.m., 13 views

CVE-2021-27493

Philips Vue PACS versions 12.2.x.x and prior do not ensure or incorrectly ensure structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component...

CVSS: 6.5, EPSS: 0.00653
Exploits: 0, References: 2

NVD
added 2022/04/01 11:15 p.m., 7 views

CVE-2021-32970

Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions...

CVSS: 7.8, EPSS: 0.01623
Exploits: 0, References: 2

CVE
added 2022/04/01 10:17 p.m., 77 views

CVE-2021-27493

Summary (CVE-2021-27493): Philips Vue PACS (versions 12.2.x.x and prior) contains a logic/validation issue where structured messages or data are not consistently well-formed before reading from an upstream component or sending to a downstream component. This is documented as improper input valida...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00653
Exploits: 0, References: 2, Affected Software: 4

Cvelist
added 2022/04/01 10:17 p.m., 14 views

CVE-2021-27493 Philips Vue PACS

Philips Vue PACS versions 12.2.x.x and prior do not ensure or incorrectly ensure structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component...

CVSS: 6.1, AI score: 6.6, EPSS: 0.00653
Exploits: 0, References: 2

Prion
added 2022/04/01 5:15 a.m., 24 views

Buffer overflow

Possible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...

CVSS: 2.1, AI score: 6.1, EPSS: 0.00139
Exploits: 0, References: 1