
157 matches found

OSV
added 2021/09/01 11:15 a.m. | 1 view

CVE-2020-9000

An issue was discovered in iPortalis iCS 7.1.13.0. Attackers can send a sequence of requests to rapidly cause .NET Input Validation errors. This increases the size of the log file on the remote server until memory is exhausted, therefore consuming the maximum amount of resources triggering a deni...

CVSS 7.5 | AI score 7.2
Exploits: 0 | References: 2
OpenVAS
added 2021/08/11 12:0 a.m. | 17 views

Microsoft Windows Defender Multiple RCE Vulnerabilities (Jul 2021)

This host is missing a critical security update according to Microsoft Security Updates released for Microsoft Windows Defender Protection Engine dated 13-07-2021.

CVSS 9.3 | AI score 7.6 | EPSS 0.05072
Exploits: 0 | References: 2
CNNVD
added 2021/03/22 12:0 a.m. | 2 views

Foxit PhantomPDF Buffer Error Vulnerability

Foxit PhantomPDF is a PDF document reader from the Chinese company Foxit. A memory corruption vulnerability exists in Foxit PhantomPDF when processing U3D objects in PDF files. The vulnerability stems from the program not properly validating user input. An attacker could exploit this vulnerability t...

CVSS 7.8 | AI score 6 | EPSS 0.02912
Exploits: 0 | References: 4
BDU FSTEC
added 2021/02/08 12:0 a.m. | 1 view

The vulnerability in the web interface of the Cisco Unified Communications Manager IM & Presence Service allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Cisco Unified Communications Manager IM & Presence Service web interface is related to input validation errors. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

CVSS 6.8 | EPSS 0.0036
Exploits: 0 | References: 2
OpenVAS
added 2021/02/03 12:0 a.m. | 34 views

Apple Mac OS X Security Updates (HT212147)-02

Apple Mac OS X is prone to multiple vulnerabilities.

CVSS 9.8 | AI score 8.1 | EPSS 0.0172
Exploits: 0 | References: 3
CNVD
added 2020/11/02 12:0 a.m. | 3 views

Google Android Titan-M Component Input Validation Error Vulnerability

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA) in the U.S. Titan-M is one of its security components. A security vulnerability exists in the Titan-M component of Google Android. An attacker can exploit the vulnerability to elevate privileges...

CVSS 7.8 | AI score 6.8 | EPSS 0.00015
Exploits: 0 | References: 1
CNVD
added 2020/06/22 12:0 a.m. | 5 views

Mutt and NeoMutt Injection Vulnerabilities

Mutt is a text-based mail client for Unix-like systems by Michael Elkins Software Developers. NeoMutt is a command-line mail reader. An injection vulnerability exists in Mutt versions prior to 1.14.4 and NeoMutt versions prior to 2020-06-19. The vulnerability stems from a lack of proper validation...

CVSS 5.9 | AI score 9.4 | EPSS 0.0479
Exploits: 0 | References: 1
BDU FSTEC
added 2020/02/03 12:0 a.m. | 0 views

The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows an attacker to execute arbitrary SQL queries.

The vulnerability in the vManage web interface of the Cisco SD-WAN software-defined networking system is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 4.3
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2020/01/27 12:0 a.m. | 108 views

PHP 7.4.x < 7.4.2 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is prior to 7.2.27, 7.3.x prior to 7.3.14, or 7.4.x prior to 7.4.2. It is, therefore, affected by multiple vulnerabilities: - A buffer overflow exists in mbfl_filt_conv_big5_wchar due to an input validation error...

CVSS 9.1 | AI score 9.1 | EPSS 0.06404
Exploits: 2 | References: 4
Tenable Nessus
added 2019/11/26 12:0 a.m. | 37 views

SUSE SLED12 / SLES12 Security Update : libpng16 (SUSE-SU-2019:3060-1)

This update for libpng16 fixes the following issues: Security issues fixed: CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493). No...

CVSS 9.8 | AI score 7.2 | EPSS 0.00609
Exploits: 3 | References: 7
CNVD
added 2019/10/21 12:0 a.m. | 2 views

Ratpack Input Validation Error Vulnerability

Ratpack is a Java library for building scalable HTTP applications. An input validation error vulnerability exists in Ratpack versions prior to 1.7.5, which can be exploited to conduct HTTP response splitting attacks by constructing HTTP headers with untrusted data...

CVSS 7.5 | AI score 6.8 | EPSS 0.0125
Exploits: 0 | References: 1
BDU FSTEC
added 2019/10/09 12:0 a.m. | 0 views

The vulnerability in the web interface of the software-hardware management interface for Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing the software-hardware environment of Cisco Firepower Management Center is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 9 | AI score 5.9 | EPSS 0.00897
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2019/10/09 12:0 a.m. | 0 views

The vulnerability in the web interface of the software-hardware management interface for Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing the software-hardware environment of Cisco Firepower Management Center is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 9 | AI score 5.9 | EPSS 0.00897
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2019/10/09 12:0 a.m. | 0 views

The vulnerability in the web interface of the software-hardware management interface for Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing the software-hardware environment of Cisco Firepower Management Center is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 9 | AI score 5.9 | EPSS 0.00897
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2019/07/30 12:0 a.m. | 1 view

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to compromise the integrity of protected information.

The vulnerability of the Cisco Identity Services Engine (ISE) web interface is related to input validation errors. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the protected information...

CVSS 5 | AI score 5.5 | EPSS 0.00172
Exploits: 0 | References: 4
BDU FSTEC
added 2019/06/21 12:0 a.m. | 1 view

The vulnerability of Microsoft Hyper-V hardware virtualization system in the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Hyper-V hardware virtualization technology in the Windows operating system is related to errors during the validation of input data on the host server. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created...

CVSS 9 | AI score 6.5 | EPSS 0.13264
Exploits: 0 | References: 3
BDU FSTEC
added 2019/05/31 12:0 a.m. | 1 view

The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and network device management system, as well as the Cisco Evolved Programmable Network Manager software, allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing Cisco Prime Infrastructure network equipment and the Cisco Evolved Programmable Network Manager software relates to input validation errors. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries by sending specially...

CVSS 8.5 | AI score 7.9 | EPSS 0.00317
Exploits: 1 | References: 3 | Affected Software: 2
Cvelist
added 2019/05/29 6:29 p.m. | 14 views

CVE-2019-12347

In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors...

AI score 6 | EPSS 0.73177
Exploits: 2 | References: 5
Tenable Nessus
added 2019/04/08 12:0 a.m. | 33 views

Apple Safari < 12.0.3 Multiple Vulnerabilities


CVSS 8.8 | AI score 7.8 | EPSS 0.32325
Exploits: 3 | References: 12
Tenable Nessus
added 2019/03/11 12:0 a.m. | 38 views

GLSA-201903-02 : Zsh: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201903-02 (Zsh: User-assisted execution of arbitrary code). Two input validation errors have been discovered in how Zsh parses scripts: Parsing a malformed shebang line could cause Zsh to call a program listed in the second line...

CVSS 9.8 | AI score 8 | EPSS 0.0065
Exploits: 0 | References: 3