1179 matches found
DEBIAN-CVE-2024-47076
CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. The cfGetPrinterAttributes5 function in libcupsfilter...
USN-7045-1 libppd vulnerability
Simone Margaritelli discovered that libppd incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used...
USN-7041-1 cups vulnerability
Simone Margaritelli discovered that CUPS incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used...
CVE-2024-47083 Power Platform Terraform Provider has Improper Masking of Secrets in Logs
Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the clientsecret used in the service principal authentication, may be...
HTML Injection
Confidant is vulnerable to HTML Injection. The vulnerability is due to insufficient input validation and sanitization of user-supplied data in several endpoints of the Confidant service, allowing attackers to inject malicious scripts into the application...
The vulnerability of the cgi_FMT_R12R5_2nd_DiskMGR function in the /cgi-bin/hd_config.cgi component of D-Link routers’ microprogramming software allows a attacker to execute arbitrary code.
The vulnerability of the cgiFMTR12R52ndDiskMGR function in the /cgi-bin/hdconfig.cgi component of D-Link routers is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
PT-2024-8618 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: moodle affected versions not specified Description: A flaw was found in moodle due to insufficient sanitizing of data when performing a restore, which could result in a cross-site scripting XSS risk from malicious backup files. This issue...
WordPress plugin wp-eMember 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
The vulnerability of the WriteFacMac function in the microprogramming software for Tenda FH1201 allows a hacker to execute arbitrary commands.
The vulnerability of the formWriteFacMac function in the Tenda FH1201 router microprogramming system is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
PT-2024-6554 · Unknown · Nginx Proxy Manager
Name of the Vulnerable Software and Affected Versions: NginxProxyManager version 2.11.3 Description: A command injection vulnerability in the requestLetsEncryptSslWithDnsChallenge function allows an attacker to achieve remote code execution via the "Add Let's Encrypt Certificate" feature. This...
Denial Of Service (DoS)
kurwov is vulnerable to Denial Of Service DoS. The vulnerability is due to improper sanitization within the MarkovDatagetNext method, which is utilized in both Markovgenerate and Markovchoose functions, which results in a maliciously crafted string within the dataset to bypass sanitization checks...
kurwov vulnerable to Denial of Service due to improper data sanitization
Summary An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. Details...
GHSA-HFRV-H3Q8-9JPR kurwov vulnerable to Denial of Service due to improper data sanitization
Summary An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. Details...
CVE-2024-34075 kurwov vulnerable to Denial of Service due to improper data sanitization
kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...
CVE-2024-25047 IBM Cognos Analytics log injection
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956...
PT-2024-20717 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4 IBM Cognos Analytics versions 12.0.0 through 12.0.2 Description: The issue is related to injection attacks in application logging due to the lack of sanitization of user-provided data. This...
(Pwn2Own) Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
TIBCO Security Advisory: April 9, 2024 - TIBCO JasperReports Server - CVE-2024-3323
TIBCO JasperReports Server Reflected Cross Site Scripting XSS vulnerability Original release date: April 9, 2024 Last revised: --- CVE-2024-3323 Source: TIBCO Software Inc. Products Affected TIBCO JasperReports Server versions 8.0.4 and below TIBCO JasperReports Server versions 8.2.0 and below...
CVE-2024-2613
CVE-2024-2613 affects Mozilla Firefox prior to version 124, caused by improper sanitization when decoding a QUIC ACK frame, leading to unbounded memory growth and a crash. Affected deployments in connected advisories reference Firefox
CVE-2024-2613
Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox 124...