Input validation

In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution...

CVE-2019-13545

CVE-2019-13545 affects Horner Automation Cscape (versions 9.90 and earlier). The vulnerability is an out-of-bounds write caused by improper validation of data, which may allow arbitrary code execution. Related advisories describe a CSP-file parsing path and imply remote/code execution scenarios, ...

WordPress events-manager plugin cross-site scripting vulnerability (CNVD-2020-28770)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. events-manager is an events management plugin used in it. Cross-site scripting vulnerability exists in WordPress events-manager...

CVE-2019-6475

Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional...

CVE-2019-6475 A flaw in mirror zone validity checking can allow zone data to be spoofed

Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional...

CVE-2019-5875

Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

CVE-2019-13669

Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

CVE-2019-13681

Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page...

CVE-2019-13678

Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page...

CVE-2019-13673

Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2019-13670

Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

WordPress eu-cookie-law plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. eu-cookie-law is a website cookie notification confirmation plugin used in it. Cross-site scripting vulnerability exists in WordPress...

The vulnerability of the Next-Generation Multicast VPN (NG-mVPN) service in the Junos OS allows a attacker to cause a service failure.

The vulnerability of the Next-Generation Multicast VPN NG-mVPN service in the Junos OS operating system is related to the lack of data validation during transmission. Exploiting this vulnerability allows a malicious actor to cause service failures by sending specially crafted IPv4 packets...

The vulnerability of Google Chrome, related to errors in data validation within developer tools, allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures.

The vulnerability of Google Chrome is related to errors in data validation when using developer tools. Exploiting this vulnerability can allow attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures...

Adobe Acrobat Pro DC Distiller PostScript JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Acrobat Pro DC DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

Gila CMS Cross-Site Scripting Vulnerability (CNVD-2019-36960)

Gila CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in gila-blog and gila-mag in Gila CMS 1.11.4 and earlier versions. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An...

Kirona Solutions Dynamic Resource Scheduling Cross-Site Scripting Vulnerability

Kirona Solutions Dynamic Resource Scheduling DRS is a suite of dynamic resource scheduling software for field services from Kirona Solutions, UK. A cross-site scripting vulnerability exists in Kirona Dynamic Resource Scheduling DRS version 5.5.3.5. The vulnerability stems from a lack of proper...

Jiangnan Online Judge Cross-Site Scripting Vulnerability (CNVD-2019-36846)

Jiangnan Online Judge is an online evaluation system for computer programming. The system is mainly used for compiling and executing the source code submitted by users and checking the correctness of the program source code. A cross-site scripting vulnerability exists in Jiangnan Online Judge...

WordPress wpDataTables Lite plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wpDataTables Lite is a chart management plugin used in it. A cross-site scripting vulnerability exists in WordPress wpDataTables Lite...