36 matches found
Mitel MiVoice Business Express 安全漏洞
Mitel MiVoice Business Express is a real-time communications solution from Mitel Canada. A security vulnerability exists in Mitel MiVoice Business version 9.3 PR1 and earlier and MiVoice Business Express version 8.0 SP3 PR3 and earlier, which stems from insufficient validation of URL parameters. ...
CVE-2020-12929
Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution...
Design/Logic Flaw
Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution...
CVE-2020-12929
Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution...
CVE-2020-12929
CVE-2020-12929 affects the AMD Graphics Driver for Windows 10. It is caused by improper parameter validation in some trusted PSP applications, enabling a local attacker to bypass security restrictions and achieve arbitrary code execution. According to AMD’s bulletin, this CVE is mitigated in Rade...
MGASA-2021-0219 Updated libx11 packages fix a security vulnerability
XLookupColor and other X libraries function lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application for instance a color name that can be emitted via a terminal control sequence it can lead to the emission of extra X protoc...
Hardcoded credentials
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks...
CVE-2020-9242
FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack...
Input validation
Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affect...
CVE-2020-16192
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters...
CVE-2017-17176
The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156, versions earlier before MHA-CL00BC00B156, versions earlier before MHA-DL00BC00B156, versions earlier before MHA-TL00BC00B156, versions earlier before LON-AL00BC00B156,...
Design/Logic Flaw
GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120C212; The versions before ALP-L09 8.0.0.127C900; The versions before ALP-L09 8.0.0.128402/C02/C109/C346/C432/C652 has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker...
Local Privilege Escalation in the Management Web Interface
A vulnerability exists in the Management Web Interface that could allow for local privilege escalation. The Management Web Interface does not properly validate specific request parameters which can potentially allow executing code with higher privileges. Ref PAN-70426/ CVE-2017-7218 Successfully...
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)
This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...
Microsoft Windows Win32 API fails to properly validate function parameters
Overview The Microsoft Windows Win32 API fails to properly validate function parameters, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Win32 API is a set of application programming interfaces for the...
Avahi privilege escalation
Insufficient Netlink parameters validation allow to manipulate server parameters...