231 matches found
ROS-2-2075
2.2075 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
ROS-2-1929
2.1929 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
ROS-2-1993
2.1993 Denial of Service in Libxml2 CVE-2021-3541 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to insufficient validation of user input. A remote attacker can pass specially crafted input data to a...
ROS-2-1868
2.1868 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
SUSE-SU-2021:2953-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames bsc1188881. - CVE-2021-22930: Fixed use after free on close http2 on stream canceling bsc1188917. - CVE-2021-22939: Fixed incomplete validation of rejectUnauthorized parameter...
SUSE-SU-2021:2823-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames bsc1188881. - CVE-2021-22930: Fixed use after free on close http2 on stream canceling bsc1188917. - CVE-2021-22939: Fixed incomplete validation of rejectUnauthorized parameter...
OPENSUSE-SU-2021:0575-1 Security update for chromium
This update for chromium fixes the following issues: - Chromium 89.0.4389.128 boo1184700: CVE-2021-21206: Use after free in blink CVE-2021-21220: Insufficient validation of untrusted input in v8 for x8664 This update was imported from the openSUSE:Leap:15.2:Update update project...
The vulnerability of the RPD module in the JunOS operating system and JunOS Evolved allows a intruder to trigger a maintenance failure.
The vulnerability of the RPD module in the JunOS operating system and JunOS Evolved is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
SAP 3D Visual Enterprise Viewer Denial of Service Vulnerability (CNVD-2021-16366)
SAP 3D Visual Enterprise Viewer is a free 3D visualization viewer for Windows. A denial of service vulnerability exists in SAP 3D Visual Enterprise Viewer 9. The vulnerability stems from improper input validation. An attacker could exploit the vulnerability by means of a specially crafted .PSD...
OPENSUSE-SU-2021:0274-1 Security update for nextcloud
This update for nextcloud fixes the following issues: - nextcloud was upgraded to version 20.0.7 - CVE-2020-8294: Fixed a missing link validation boo1181803 - CVE-2020-8295: Fixed a denial of service attack boo1181804 - CVE-2020-8293: Fixed an input validation issue boo1181445 This update was...
PT-2021-1935 · Cisco · Cisco Small Business Rv260W +4
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers affected versions not specified Description: The issue is related to insufficient input validation in the web-based management interface of the affected devices, allowi...
The vulnerability of the Shared Services component of the Hyperion Lifecycle Management system allows a attacker to access data for modification, addition, or deletion.
The vulnerability of the Shared Services component of the Hyperion Lifecycle Management system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data using the HTTP network protocol...
SUSE-SU-2020:1552-1 Security update for dpdk
This update for dpdk fixes the following issues: - CVE-2020-10722: Fixed an integer overflow in vhostusersetlogbase bsc1171930. - CVE-2020-10723: Fixed an integer truncation in vhostusercheckandallocqueuepair bsc1171925. - CVE-2020-10724: Fixed a missing inputs validation in Vhost-crypto bsc11719...
The vulnerability of Microsoft SharePoint Server, SharePoint Foundation, and SharePoint Enterprise Server lies in insufficient validation of input data, allowing attackers to execute spear-phishing attacks.
The vulnerability of Microsoft SharePoint Server, SharePoint Foundation, and SharePoint Enterprise Server relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to perform spear-phishing attacks using a specially created request sent to the...
The vulnerability of the web protection component of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, and Kaspersky Security Cloud allows a malicious actor to disable certain security functions of the product, such as private browsing and antivirus protection.
The vulnerability of the web protection component of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, and Kaspersky Security Cloud lies in insufficient validation of input data. Exploiting this vulnerability c...
SUSE-SU-2019:3266-1 Security update for strongswan
This update for strongswan provides the following fixes: Security issues fixed: - CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket bsc1094462. - CVE-2018-10811: Fixed...
The vulnerability of the Qualcomm TrustZone component of the Android operating system allows a hacker to trigger a service failure.
The vulnerability of the Qualcomm TrustZone component of the Android operating system is related to insufficient validation of input data. Exploiting this vulnerability could allow a perpetrator to cause service interruptions...
About the security content of watchOS 3.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
The vulnerability of the PHP interpreter, which allows attackers to trigger a service failure or exert other effects.
The vulnerability of the bcpowmod function ext/bcmath/bcmath.c in the PHP interpreter exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures or potentially have other adverse effects through specially crafted call...
Rapid Classified 3.1 search.asp SH1 Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21197/info Rapid Classified is prone to multiple input-validation issues, including multiple cross-site scripting issues and an SQL-injection issue, because the application fails to properly sanitize user-supplied input. ...