5836 matches found
CVE-2020-16215
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the applicatio...
CVE-2020-16229
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application t...
PT-2020-14828 · Advantech · Advantech Webaccess Hmi Designer
Name of the Vulnerable Software and Affected Versions: Advantech WebAccess HMI Designer versions 2.1.9.31 and prior. Description: The issue arises from the processing of specially crafted project files that lack proper validation of user-supplied data, potentially leading to a type confusion...
PT-2020-14812 · Advantech · Advantech Webaccess Hmi Designer
Name of the Vulnerable Software and Affected Versions: Advantech WebAccess HMI Designer versions 2.1.9.31 and prior. Description: The issue arises from the processing of specially crafted project files that lack proper validation of user-supplied data. This can cause the system to write outside th...
Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...
Qualcomm MSM8909W Path Traversal Vulnerability
The Qualcomm MSM8909W is a central processing unit (CPU) product from Qualcomm Incorporated (USA). A path traversal vulnerability exists in DSP Services in the Qualcomm MSM8909W, which stems from a lack of checks on user data. An attacker could exploit the vulnerability to overwrite or read arbitrary...
PT-2020-14194 · Etcd +4 · Etcd +4
Name of the Vulnerable Software and Affected Versions: etcd versions 3.3.0 through 3.3.22; etcd versions 3.4.0 through 3.4.9. Description: The issue is related to data validation in the ReadAll method in wal/wal.go, where it is possible to have an entry index greater than the number of entries. Thi...
WordPress WooCommerce Subscriptions Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WooCommerce Subscriptions is a subscription plugin used in it. A cross-site scripting vulnerability exists in WordPress...
TYPO3 dlf extension cross-site scripting vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. The dlf extension is one of its digital library extensions. A cross-site scripting vulnerability exists in TYPO3 dlf extension version 3.1.1 and earlier versions, which stems from the lack of...
Pulse Secure Pulse Connect Secure Cross-Site Scripting Vulnerability
Pulse Secure Pulse Connect Secure (a.k.a. PCS, formerly known as Juniper Junos Pulse) is a suite of SSL VPN solutions from Pulse Secure in the United States. A cross-site scripting vulnerability exists in versions of Pulse Secure PCS prior to 9.1R8. The vulnerability stems from the lack of proper...
The vulnerability of the Microsoft Visual Studio Code ESLint Extension lies in the insufficient data validation when opening a project, allowing a malicious actor to execute arbitrary code.
The vulnerability of the Microsoft Visual Studio Code ESLint Extension lies in the insufficient data validation when opening a project. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
Input validation
Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voic...
Pulse Secure Pulse Connect Secure and Pulse Policy Secure Cross-Site Scripting Vulnerabilities
Pulse Secure Pulse Connect Secure (a.k.a. PCS, formerly known as Juniper Junos Pulse) and Pulse Policy Secure are both products of Pulse Secure, Inc. Pulse Connect Secure is an SSL VPN solution. Pulse Policy Secure is a network access control solution...
eGroupWare 'spellchecker.php' Remote Code Execution Vulnerability
eGroupWare is a multi-user, web-based workware suite developed on the basis of customization sets on a PHP-based API. A remote code execution vulnerability exists in eGroupWare 'spellchecker.php' that stems from the program failing to properly validate user-submitted data. A remote attacker could...
Teltonika TRB245 Cross-Site Scripting Vulnerability
Teltonika TRB245 is a cellular network gateway product from Teltonika (Lithuania). A cross-site scripting vulnerability exists in Teltonika TRB245 using firmware version TRB2R00.02.02. The vulnerability stems from a lack of proper validation of client data by the web application. An attacker can...
Jalios JCMS Cross-Site Scripting Vulnerability
Jalios JCMS is a suite of integrated enterprise information management solutions from Jalios, a French company. The product includes enterprise social networking, social learning, document management and content management systems. A cross-site scripting vulnerability exists in the...
The vulnerability of the Microsoft .NET Bond software lies in the insufficient validation of input data, which allows attackers to trigger service failures.
The vulnerability of the Microsoft .NET Bond software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Microsoft Edge (Chromium) < 81.0.416.64 Multiple Vulnerabilities
The version of Microsoft Edge Chromium installed on the remote Windows host is prior to 81.0.416.64. It is, therefore, affected by multiple vulnerabilities: - Out of bounds read and write in PDFium in Microsoft Edge Chromium allowed a remote attacker to potentially exploit heap corruption via a...
CVE-2020-15899
Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble...