16 matches found
EUVD-2022-29254
Malicious code in bioql PyPI...
CVE-2022-24358
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2022-24358
CVE-2022-24358 affects Foxit PDF Reader 11.1.0.52543. The flaw lies in the handling of Doc objects: by performing JavaScript actions, an attacker can trigger a read past the end of an allocated buffer, enabling arbitrary code execution in the context of the current process. User interaction is re...
denr.gov.ph Cross Site Scripting vulnerability OBB-1979673
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence.
Affected Website: | denr.gov.ph
---|---
Open Bug Bounty...
CVE-2020-15703 aptdaemon allows unprivileged users to test for the presence of local files via the transaction Locale property
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an...
CVE-2020-15703
CVE-2020-15703 affects aptdaemon: there is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, letting aptd read a file as root; with a symlink, an error is produced if the file exists, otherwise no error, enabling...
CVE-2020-15703
creationtimestamp | type | source
---|---|---
2020-10-28 13:20:10+00:00 | seen | https://t.me/CyberSecurityTechnologies/1997
2020-11-01 13:43:38+00:00 | seen | https://t.me/cibsecurity/15756...
CVE-2020-15703
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an...
UBUNTU-CVE-2020-15703
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an...
org.apache.nifi.minifi:minifi-assembly (>=1.14.0 <=1.28.1), org.apache.nifi.minifi:minifi-c2-assembly (>=0.2.0 <=1.28.1) +27 more potentially affected by CVE-2017-15703 via org.apache.nifi:nifi-framework-cluster-protocol (>=0.0.1-incubating <=1.4.0)
org.apache.nifi:nifi-framework-cluster-protocol MAVEN version =0.0.1-incubating, =1.14.0, =0.2.0, =0.2.0, =0.0.1, =0.0.1, =0.0.1, =1.14.0, =1.14.0, =0.0.1, =0.0.1, =1.0.0, =0.0.1-incubating, =1.0.0, =0.0.1-incubating, =0.0.1-incubating, =1.15.3 and more Source cves: CVE-2017-15703 Source advisory...
CVE-2019-15703
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, for devices that do not enable the hardware TRNG token and models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual...
CVE-2019-15703
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, for devices that do not enable the hardware TRNG token and models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual...
CVE-2019-15703
Fortinet FortiOS is affected by CVE-2019-15703 where insufficient entropy in the PRNG (DRBG) can theoretically allow recovery of a long-term ECDSA secret in a TLS client with RSA handshake and mutual ECDSA authentication, via flush+reload side-channel attacks in FortiGate VM models only. The vuln...
CVE-2018-15703
Affected product: Advantech WebAccess 8.3.2 and earlier. Vulnerability: multiple reflected cross-site scripting (XSS) flaws in the WebAccess web interface. Root cause: input is reflected back to victims in the browser without proper sanitization. Impact: remote, unauthenticated attacker can l...
CVE-2017-15703
Apache NiFi (1.x) is affected by CVE-2017-15703 where an authenticated user with a valid client certificate and without ACL permissions can upload a template containing malicious Java deserialization code, leading to a denial-of-service. The root cause is improper handling of Java deserialization...