46 matches found
CVE-2025-8067
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor...
Ivanti Avalanche getCountMuStatDevicePropResultsFromMuListAgentIds SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the getCountMuStatDevicePropResultsFromMuListAgentIds function. The issue results from the...
CVE-2025-47786 Emlog vulnerable to Stored Cross-site Scripting
Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered user to construct malicious JavaScript, inducing all website users to click. In /admin/comment.php, the parameter perpagenum is not validated and is directly...
DRUPAL-CONTRIB-2025-058
This module enables you to add the Piwik Pro web statistics tracking system to your website. The module does not check the JS code that is loaded on the website. So a user with the "Administer Piwik Pro" permission could configure the module to load JS from a malicious website. This vulnerability...
UBUNTU-CVE-2025-3522
Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validate...
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers and thus a return value may contain an unsafe injection (e.g. XSS) that does not conform to the RFC1035 format.
...
openshift: OCP & FIPS mode
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...
openshift: OCP & FIPS mode
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...
Upgraded Q -> 3 from #88 [1679874647648]
Judge has assessed an item in Issue 88 as 3 risk. The relevant finding follows: L-2 Invalid and stale prices from Synthethix are not validated --- The text was updated successfully, but these errors were encountered: All reactions...
Qibosoft 跨站脚本漏洞
Qibosoft qibosoft is a content management system CMS from Qibosoft, China. qibosoft has a cross-site scripting vulnerability that originates in the /admin/index.php?lfj=friendlink & action=add link of the admin component of the product. The vulnerability is caused by the...
CVE-2021-38573
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated...
CVE-2020-11294
Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...
Design/Logic Flaw
Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...
CVE-2020-29443
ideatapicmdreplyend in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated...
Microsoft Office 代码问题漏洞
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office suffers from a code issue vulnerability that stems from the program not properly validatin...
kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c
A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the FUJITSU Extended Socket Network driver. A call to the allocworkqueue return was not validated and causes a denial of service at the time of failure. The highest threat from this vulnerability is to system...
CVE-2020-12144 The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal...
CVE-2018-6633
In Micropoint proactive defense software 2.0.20266.0146, the driver file mp110005.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000038...
Null pointer dereference
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they...
CVE-2017-11379
Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1...