194 matches found
Nextcloud Path Traversal Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. Nextcloud suffers from a security vulnerability that stems from validating and normalizing strings in the wrong order, which can be exploited by an attacke...
SUSE CVE-2005-2691
includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code...
PT-2023-20176 · Nextcloud +1 · Nextcloud +1
Name of the Vulnerable Software and Affected Versions: Nextcloud server versions prior to 25.0.2; Nextcloud server versions prior to 24.0.8; Nextcloud server versions prior to 23.0.12. Description: The issue concerns the \OC\Files\Node\Folder::getFullPath function, which was validating and normalizing...
Improper Input Validation
Overview: drupal/core is an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Improper Input Validation, which allows an attacker to inject disallowed values or overwrite data. Remediation: Upgrade drupal/cor...
Drupal 9.2.x < 9.2.18 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.18 or 9.3.x prior to 9.3.12. It is, therefore, affected by multiple vulnerabilities: - Drupal core's form API has a vulnerability where certain contributed or custom modules' form...
DRUPAL-CORE-2022-008
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
DEBIAN-CVE-2021-44496
An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can control the size variable and buffer that is passed to a call to memcpy. An attacker can use this to overwrite key data structures and gain control of the flow of execution...
OPENSUSE-SU-2022:0760-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection', are now mitigated. The following security bugs...
Attackers can Exploit Dirty Pipe Linux Vulnerability to Overwrite Data
By Deeba Ahmed. The vulnerability has been fixed in Linux versions 5.16.11, 5.15.25, and 5.10.102, and patches will be released soon.… This is a post from HackRead.com. Read the original post: Attackers can Exploit Dirty Pipe Linux Vulnerability to Overwrite Data...
The vulnerability of the Drupal content management system, related to insufficient validation of input data, allows a hacker to insert or overwrite arbitrary data.
The vulnerability of the Drupal content management system is related to insufficient validation of input data. Exploiting this vulnerability could allow a hacker to insert or overwrite arbitrary data...
Input validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
CVE-2022-25271
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
DRUPAL-CORE-2022-003
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
Drupal Input Validation Error Vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. Drupal has a security vulnerability that stems from a flaw in the forms API of Drupal core, where certain contributed or custom module forms may be vulnerable to incorrect input validation...
PT-2022-1767 · Drupal +1 · Drupal Core +1
Name of the Vulnerable Software and Affected Versions: Drupal core (affected versions not specified). Description: The issue is related to insufficient input validation in the Drupal core's form API, which may allow an attacker to inject disallowed values or overwrite data. This could potentially...
CVE-2021-29632
In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, under certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the syst...
CVE-2021-45972
The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data...
Cisco Firepower Threat Defense Input Validation Error Vulnerability
Cisco Firepower Threat Defense (FTD) is a suite of unified software from Cisco that provides next-generation firewall services. An input validation error vulnerability exists in Cisco Firepower Threat Defense Software that stems from incomplete validation of user input for specific CLI commands. An...
OPENSUSE-SU-2021:3487-1 Security update for go1.16
This update for go1.16 fixes the following issues: Update to go1.16.9 - CVE-2021-38297: misc/wasm, cmd/link: do not let command line args overwrite global data (bsc#1191468)...