5862 matches found
CVE-2014-9897
sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bu...
Design/Logic Flaw
platform/msmshared/partitionparser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 2013 devices does not validate certain GUID Partition Table GPT data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard MMC, aka Android internal...
Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information
A vulnerability exists in the cdfcountchain function in the cdf.c file of the Fileinfo component in PHP, due to improper data validation for the sector counters. Exploitation of this vulnerability allows malicious actors to induce a service failure abnormal termination of the application by using...
The vulnerability of the Cisco IOS operating system, related to insufficient validation of input data, allows a perpetrator to trigger a service failure.
The vulnerability of the Cisco IOS operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
Squid Poisoning Vulnerability (SQUID-2016:7) - Linux
Squid is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:squid-cache:squid";...
Updated squid packages fix security vulnerability
Due to incorrect data validation of intercepted HTTP Request messages Squid is vulnerable to clients bypassing the protection against CVE-2009-0801 related issues. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache...
The vulnerability of the XSLTResult class implementation in the Apache Struts software platform allows attackers to execute arbitrary code.
The vulnerability of the XSLTResult class implementation in the Apache Struts software framework is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using the stylesheetLocation parameter...
CVE-2015-2686
net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for 1 sendto and 2 recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copyfromiter function in the ioviter interface, as demonstrated by the Bluetooth...
CVE-2015-2686
net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for 1 sendto and 2 recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copyfromiter function in the ioviter interface, as demonstrated by the Bluetooth...
Midea's M-Smart smart socket has design logic flaws
M-Smart Smart Socket is a smart home appliance developed by Midea Group. Midea's M-Smart Smart Socket is susceptible to man-in-the-middle attacks due to insecure protocols for transmitting data and lack of validation of what is transmitted on the client and server side. The lack of effective...
Shopify: XSS on https://app.shopify.com/
DESCRIPTION =========== It has been identified that the page located at https://app.shopify.com/ is prone to cross-site scripting issues. Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts also commonly referred to as a malicious...
The vulnerability of the Ruby on Rails software platform, which allows attackers to bypass the mechanism for verifying data correctness
The vulnerability of the Ruby on Rails software platform lies in the fact that the Active Model component supports the use of instance-level records for class methods. Exploiting this vulnerability allows a malicious actor to bypass the data validation mechanism by using a specially crafted...
The vulnerability of the Cisco Firepower Extensible Operating System allows a intruder to trigger a maintenance failure.
The vulnerability of the Cisco Firepower Extensible Operating System’s driver exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor, operating locally, to trigger a service failure using a pre-prepared USB device that transmits erroneous USB...
DEBIAN-CVE-2015-8726
wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme MCS data, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted file...
DEBIAN-CVE-2015-8711
epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted packet...
KLA10730 Denial of service vulnerabilities in Wireshark
Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities 1. Improper data validation and lack of restrictions can be exploited remotely via a specially designed packet o...
The vulnerability of the FFmpeg multimedia library, which allows a hacker to trigger a service failure
The vulnerability of the inittile function in the libavcodec/jpeg2000dec.c file of the FFmpeg multimedia library exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor to cause service failure using specially crafted JPEG 2000 data...
The vulnerability of the web application for data synchronization with ownCloud allows a hacker to circumvent existing access restrictions and gain access to users’ files.
The vulnerability of the virtual file system of the web application for data synchronization with ownCloud is related to the lack of data validation during data retrieval. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions and gain access to user files b...
WordPress Pie Register 2.0.18 Cross Site Scripting
Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7377 Pending CVSS: 4.3 Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N CWE: CWE-79 Description ================ An unauthenticated reflected XSS vulnerability in Pie Register...
The vulnerability of the multimedia player iTunes and the iOS operating system allows a hacker to execute arbitrary code or trigger a service failure.
The vulnerability of the WebKit component in the multimedia player iTunes and the iOS operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure by using a specially crafted...