5836 matches found
Code injection
WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lack proper validation of user-supplied data, which may result in a read past the end of an allocated object...
CVE-2018-14814
PI Studio HMI from Wecon (PI Studio HMI: v4.1.9 and earlier; PI Studio: v4.2.34 and earlier) is affected by an out-of-bounds read (CWE-125) due to improper validation of user-supplied data, potentially reading beyond an allocated object and causing information disclosure. Multiple sources corrobo...
Drupal cross-site scripting vulnerability (CNVD-2019-12155)
Drupal is an open source content management system developed by the Drupal community using the PHP language. A cross-site scripting vulnerability exists in Drupal version 7 prior to 7.65, version 8.6 prior to 8.6.13, and version 8.5 prior to 8.5.14, which stems from a lack of proper validation of...
Prometheus Cross-Site Scripting Vulnerability
Prometheus is open source software written in the Go language for recording real-time metrics from time-series databases built using the HTTP pull model. A cross-site scripting vulnerability exists in Prometheus versions prior to 2.7.1 that stems from a lack of proper validation of client-side da...
CVE-2019-6729
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of P...
CVE-2019-6735
CVE-2019-6735 affects Foxit Reader. A vulnerability in PDF file processing causes an out-of-bounds read due to lack of proper validation of user-supplied data, potentially disclosing sensitive information. Exploitation requires user interaction (visiting a malicious page or opening a malicious fi...
CVE-2019-6735
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Vulnerability in the NTLM type-2 function of the libcurl library that allows an attacker to trigger a service failure
The vulnerability in the NTLM type-2 function of the libcurl library is caused by incorrect validation of incoming data, which leads to a read beyond a heap buffer. Exploiting this vulnerability allows a remote attacker to cause a service failure...
Updated python-gnupg packages fix security vulnerability
When symmetric encryption is used, data can be injected through the passphrase property of the gnupg.GPG.encrypt and gnupg.GPG.decrypt methods. The supplied passphrase is not validated for newlines, and the library passes --passphrase-fd=0 to the gpg executable, which expects the passphrase on th...
A vulnerability in the Junos operating system, related to insufficient validation of input data, allows an attacker to trigger a service failure.
The vulnerability in the Junos operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
Horner Automation Cscape CSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Authentication Bypass
Mosquitto is vulnerable to authentication bypass due to incorrect data validation. Clients are granted access to the broker because it incorrectly validated empty lines or malformed data in the password file, treating such data as a valid username and allowing an attacker to bypass authentication...
Microsoft SharePoint EntityInstanceIdEncoder Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the EntityInstanceIdEncoder class. The issue results from the lack of proper validati...
Adobe Acrobat Pro DC Onix32 ReadBTreeT::FindKeyInLeafPage Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Cisco WebEx Recorder and Player asplayback Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
SRC-2019-0076 : Adobe Acrobat Pro DC Type 2 Charstring put Out-of-Bounds Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CURL-CVE-2018-16890 NTLM type-2 out-of-bounds buffer read
libcurl contains a heap buffer out-of-bounds read flaw. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server...
M-Server Cross-Site Scripting Vulnerability
M-Server is a small HTTP static server. M-Server suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...
Google Chrome Insufficient Data Validation Vulnerability
Chrome is a web browser developed by Google. An insufficient data validation vulnerability exists in IndexedDB in Google Chrome versions prior to 72.0.3626.81. An attacker can exploit this vulnerability to bypass the same-origin policy via a crafted HTML page...
Foxit Reader PDF Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of P...