17 matches found
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the oidc-claims-extension.groovy script when the claimsparametersupported parameter is enabled. An attacker can inject arbitrary values into claims returned in idtoken or userinfo by supplying a crafted JSON...
EUVD-2022-27803
Malicious code in bioql PyPI...
CVE-2022-22658
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service...
PT-2022-25628 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions 16.0.1 through 16.0.2 Description: SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent...
CVE-2022-22658
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service...
Input validation
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service...
CVE-2022-22658
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service...
Apple iOS Denial of Service Vulnerability
A denial-of-service vulnerability exists in versions of Apple iOS prior to 16.0.3, which stems from a failure to properly handle incoming error messages and could be exploited to launch a denial-of-service attack via a maliciously crafted email...
About the security content of iOS 16.0.3
About the security content of iOS 16.0.3 This document describes the security content of iOS 16.0.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
CVE-2019-15619
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project...
CVE-2019-15619
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project...
Nextcloud: Username Enumeration
Hi, it is possible to determine the existence of a user account. It reveals username which can open new attack vectors. Version: Nextcloud 16.0.3 Request for existing account: GET /avatar/admin/80?v=-472 HTTP/1.1 Host: localhost:8084 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.14; rv:68....
OpenStack Nova FilterScheduler Incompletely Fixes Denial of Service Vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration and Rackspace, Inc. in the U.S. OpenStack Nova is one of the cloud construct controllers written in Python that is part of the IaaS system. It is part of the IaaS system.FilterScheduler...
McAfee LiveSafe Man-in-the-Middle Vulnerability
McAfee LiveSafe is prone to a man-in-the-middle vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mcafee:livesafe";...
CVE-2017-3897
A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus MSS+ versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response...
CVE-2017-3898
A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe MLS versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response...
Moderate: ImageMagick security update
6.0.7.1-16.0.3 - update fix for CVS-2006-5456 6.0.7.1-16.0.2 - more security issues 217558, CVE-2006-5868; 192278, CVE-2006-2440 6.0.7.1-16.0.1 - fix more overflows 210921...