
100 matches found

OSV
added 2020/07/01 1:15 p.m. | 1 view

CVE-2020-6261

SAP Solution Manager Trace Analysis, version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired...

5.3 CVSS | 6.1 AI score
Exploits: 0 | References: 2
OSV
added 2020/06/10 1:15 p.m. | 2 views

CVE-2020-6260

SAP Solution Manager Trace Analysis, version 7.20, allows an attacker to inject superfluous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist...

5.3 CVSS | 6.5 AI score | 0.00775 EPSS
Exploits: 0 | References: 2
Prion
added 2020/06/10 1:15 p.m. | 21 views

Input validation

SAP Solution Manager Trace Analysis, version 7.20, allows an attacker to inject superfluous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist...

5 CVSS | 5.3 AI score | 0.00775 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Debian
added 2020/01/20 11:59 a.m. | 60 views

[SECURITY] [DSA 4606-1] chromium security update

Debian Security Advisory DSA-4606-1, https://www.debian.org/security/, Michael Gilbert, January 20, 2020, https://www.debian.org/security/faq ...

8.8 CVSS | 9 AI score | 0.15537 EPSS
Exploits: 7
Prion
added 2019/09/25 9:15 p.m. | 13 views

Directory traversal

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit thi...

7.2 CVSS | 6.8 AI score | 0.01138 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2019/05/15 12:0 a.m. | 32 views

Debian DSA-4445-1 : drupal7 - security update

It was discovered that incomplete validation in a Phar processing library embedded in Drupal, a fully-featured content management framework, could result in information disclosure. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2019-007. C...

9.8 CVSS | 7.2 AI score | 0.05586 EPSS
Exploits: 0 | References: 5
Debian
added 2019/05/14 9:15 p.m. | 114 views

[SECURITY] [DSA 4445-1] drupal7 security update

Debian Security Advisory DSA-4445-1, https://www.debian.org/security/, Moritz Muehlenhoff, May 14, 2019, https://www.debian.org/security/faq ...

9.8 CVSS | 9.5 AI score | 0.05586 EPSS
Exploits: 0
Debian CVE
added 2019/01/07 6:0 p.m. | 25 views

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

7.5 CVSS | 7 AI score | 0.08188 EPSS
Exploits: 0
OSV
added 2018/05/02 10:29 p.m. | 2 views

CVE-2018-0245

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...

5.3 CVSS | 5.8 AI score | 0.02355 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2018/02/16 12:0 a.m. | 31 views

Debian DSA-4114-1 : jackson-databind - security update

It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input. (C) Tenable Network Security, Inc. Th...

9.8 CVSS | 7.5 AI score | 0.49727 EPSS
Exploits: 1 | References: 8
Prion
added 2017/06/13 6:29 a.m. | 14 views

Input validation

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...

7.5 CVSS | 9.2 AI score | 0.02129 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2017/06/13 6:29 a.m. | 17 views

CVE-2017-2773

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...

9.8 CVSS | 6.8 AI score | 0.02129 EPSS
Exploits: 0 | References: 2
NVD
added 2017/06/13 6:29 a.m. | 20 views

CVE-2017-2773

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...

9.8 CVSS | 9.4 AI score | 0.02129 EPSS
Exploits: 0 | References: 2
Cvelist
added 2017/06/13 6:0 a.m. | 22 views

CVE-2017-2773

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...

9.4 AI score | 0.02129 EPSS
Exploits: 0 | References: 2
Cisco
added 2017/03/01 4:0 p.m. | 21 views

Cisco NetFlow Generation Appliance Stream Control Transmission Protocol Denial of Service Vulnerability

A vulnerability in the Stream Control Transmission Protocol SCTP decoder of the Cisco NetFlow Generation Appliance NGA could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service DoS condition. The vulnerability is due to...

7.5 CVSS | 7.7 AI score | 0.01697 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2016/09/08 12:0 a.m. | 89 views

Cisco AnyConnect Secure Mobility Client 4.2.x < 4.2.5015.0 / 4.3.x < 4.3.2039.0 Privilege Escalation Vulnerability

The version of Cisco AnyConnect Secure Mobility Client installed on the remote Windows host is 4.2.x prior to 4.2.5015.0 or 4.3.x prior to 4.3.2039.0. It is, therefore, affected by a privilege escalation vulnerability due to incomplete validation of path names and file names at installation time....

7.8 CVSS | 7.3 AI score | 0.00392 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2015/11/11 12:0 a.m. | 40 views

Debian DSA-3397-1 : wpa - security update

Several vulnerabilities have been discovered in wpasupplicant and hostapd. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-4141 Kostya Kortchinsky of the Google Security Team discovered a vulnerability in the WPS UPnP function with HTTP chunked...

5.9 CVSS | 6.1 AI score | 0.04198 EPSS
Exploits: 0 | References: 36
Cisco
added 2014/10/10 8:53 p.m. | 26 views

Cisco IOS XE Software Autonomic Networking Infrastructure Certificate Validation Vulnerability

A vulnerability in certificate validation for Autonomic Networking Infrastructure ANI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to masquerade as another device. The vulnerability is due to incomplete certificate validation. An attacker could exploit this vulnerabili...

5 CVSS | 6.3 AI score | 0.00647 EPSS
Exploits: 0 | References: 1
OpenVAS
added 2014/02/12 12:0 a.m. | 30 views

Microsoft Windows IPv6 Denial of Service Vulnerability (2904659)

This host is missing an important security update according to Microsoft Bulletin MS14-006. OpenVAS Vulnerability Test $Id: secpodms14-006.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft Windows IPv6 Denial of Service Vulnerability 2904659 Authors: Veerendra GG Copyright: Copyright (C) 2014 SecPod,...

7.8 CVSS | 8.7 AI score | 0.32685 EPSS
Exploits: 1 | References: 3
Exploit DB
added 2002/06/17 12:0 a.m. | 34 views

Wolfram Research webMathematica 4.0 - File Disclosure

source: https://www.securityfocus.com/bid/5035/info Wolfram Research's webMathematica is a Java based product which allows the inclusion of Mathematica content in a web environment. It includes CGI programs which generate image content based on user supplied input. A file disclosure vulnerability...

7 AI score
Exploits: 0