159 matches found

Tenable Nessus
added 2023/11/15 12:00 a.m. · 20 views

Rockwell Automation Stratix Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service (CVE-2016-6384)

A vulnerability in the H.323 subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to properly validate certain fields in an H.323 protocol suite message...

CVSS 7.8 · AI score 7.2 · EPSS 0.01843
Exploits: 0 · References: 4

CNNVD
added 2023/11/06 12:00 a.m. · 3 views

1E Platform Security Vulnerability

1E Platform is a terminal endpoint management and automation solution from 1E. A security vulnerability exists in prior versions of 1E Platform-Exchange Product Pack-End-User Interaction 23 that stems from not properly validating the Caption or Message parameters, allowing an attacker to execute...

CVSS 9.9 · AI score 7.7 · EPSS 0.00206
Exploits: 0 · References: 4

Veracode
added 2023/10/03 5:59 a.m. · 25 views

Denial Of Service (DoS)

nodebb is vulnerable to Denial Of Service. The vulnerability is due to the onMessage function in index.js as there is no validation when passing messages to the eventName.startsWith or eventName.toString methods, which can result in an application crash when the message contains an array or objec...

CVSS 7.5 · AI score 6.8 · EPSS 0.01828
Exploits: 0 · References: 4 · Affected Software: 1

Prion
added 2023/04/04 10:15 p.m. · 14 views

Cross site scripting

Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket...

CVSS 5.8 · AI score 5.9 · EPSS 0.00785
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/04/04 12:00 a.m. · 5 views

CVE-2023-0325

Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket...

AI score 6.2 · EPSS 0.00785
Exploits: 1 · References: 2

Citrix
added 2023/03/30 12:00 a.m. · 12 views

SAML authentication fails with PingFed IdP with error "There was a failure with the mapped account"

Users get the error "There was a failure with the mapped account" when attempting to log in to the StoreFront URL after configuring SAML authentication on the StoreFront server with PingFed IdP. When we check the Citrix Delivery Services event logs from SF, we see the error below: The security token failed...

AI score 7.3
Exploits: 0

SUSE CVE
added 2023/02/15 5:51 a.m. · 2 views

SUSE CVE-2011-3079

The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors...

CVSS 10 · AI score 8.8 · EPSS 0.00332
Exploits: 0 · References: 9

SUSE CVE
added 2023/02/15 5:38 a.m. · 2 views

SUSE CVE-2013-2178

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request...

CVSS 5 · AI score 7.1 · EPSS 0.00828
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 4:35 a.m. · 1 view

SUSE CVE-2017-1000121

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products...

CVSS 9.8 · AI score 7.1 · EPSS 0.00647
Exploits: 0 · References: 3

OSV
added 2023/01/17 4:16 p.m. · 11 views

GSD-2023-1000247 tipc: re-fetch skb cb after tipc_msg_validate

tipc: re-fetch skb cb after tipc_msg_validate. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.158 by commit...

AI score 7.2
Exploits: 0

Tenable Nessus
added 2022/12/15 12:00 a.m. · 21 views

Zoom Client for Meetings < 5.6.3 Vulnerability (ZSB-21002)

The version of Zoom Client for Meetings installed on the remote host is prior to 5.6.3. It is, therefore, affected by a vulnerability as referenced in the ZSB-21002 advisory. - A heap based buffer overflow exists in all desktop versions of the Zoom Client for Meetings before version 5.6.3. This...

CVSS 9 · AI score 8.9 · EPSS 0.09095
Exploits: 1 · References: 2

CNNVD
added 2022/11/16 12:00 a.m. · 1 view

EqualWeb Accessibility Widget Cross-Site Scripting Vulnerability

The EqualWeb Accessibility Widget is an accessibility widget from EqualWeb. A security vulnerability exists in the EqualWeb Accessibility Widget, which stems from an incorrect validation of message events in its accessibility.js component that could allow an attacker to implement DOM-based...

CVSS 5.4 · AI score 4.9 · EPSS 0.00358
Exploits: 0 · References: 3

NVD
added 2022/09/20 8:15 p.m. · 21 views

CVE-2020-36602

There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker who physically obtains the device can craft a malformed message with a specific parameter and send it to the affected products. Due to insufficient validation of the message, which may be...

CVSS 6.1 · EPSS 0.00075
Exploits: 0 · References: 1

OSV
added 2022/09/20 8:15 p.m. · 2 views

CVE-2020-36602

There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker who physically obtains the device can craft a malformed message with a specific parameter and send it to the affected products. Due to insufficient validation of the message, which may be...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1

Positive Technologies
added 2022/09/02 12:00 a.m. · 3 views

PT-2022-15240 · Qualcomm · Qualcomm Snapdragon Auto

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto (affected versions not specified). Description: The issue is related to memory corruption in the multimedia component due to an improper check on received messages. Recommendations: At the moment, there is no information...

CVSS 8.4 · AI score 7.7 · EPSS 0.00118
Exploits: 0 · References: 3

Vulnrichment
added 2022/06/13 9:05 p.m. · 4 views

CVE-2022-29247 Exposure of Resource to Wrong Sphere in Electron

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames...

CVSS 2.2 · AI score 9.4 · EPSS 0.00803
Exploits: 0 · References: 1

OSV
added 2021/08/09 9:58 p.m. · 3 views

OPENSUSE-SU-2021:1102-1 Security update for linuxptp

This update for linuxptp fixes the following issues: - CVE-2021-3570: Validate the messageLength field of incoming messages. bsc1187646 This update was imported from the SUSE:SLE-15:Update update project...

CVSS 8.8 · AI score 8.8 · EPSS 0.0542
Exploits: 0 · References: 3

OSV
added 2021/05/28 3:15 p.m. · 2 views

CVE-2021-29629

In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service i...

CVSS 7.5 · AI score 7.1
Exploits: 0 · References: 2

CVE
added 2021/05/28 2:06 p.m. · 70 views

CVE-2021-29629

The CVE-2021-29629 issue affects FreeBSD and is caused by missing message validation in libradius(3). Affected versions include 11.4-STABLE before r369866, 12.2-STABLE before r369859, 13.0-STABLE before n245765-bec0d2c9c841, and corresponding releases before p1/p7/p10. The underlying flaw stems f...

CVSS 7.5 · AI score 7.3 · EPSS 0.00494
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2021/05/28 2:06 p.m. · 15 views

CVE-2021-29629

In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service i...

AI score 7.6 · EPSS 0.00494
Exploits: 0 · References: 2