xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats lies in insufficient validation of incoming requests, allowing attackers to disclose sensitive information.

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to insufficient validation of incoming requests. Exploiting this vulnerability can allow an attacker to disclose sensitive information by manipulating the processed input data remotely...

Directory traversal

An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeedMnt/FileUploadUpd.cfm is susceptible to an unrestricted upload vulnerability via the name1 parameter, when processing remote input from an authenticated user, leading to the ability for arbitrary files...

Sql injection

Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language SQL records, and manipulate data...

ShareCare SQL注入漏洞

ShareCare is a clinical and financial software system of Echo Group. Echo ShareCare suffers from an SQL injection vulnerability that stems from ShareCare's susceptibility to SQL injection vulnerabilities when processing remote input from arbitrary users...

PT-2024-11333 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to two use-after-free bugs in the ibmasm init one function. In this function, ibmasm init remote input dev is called, which allocates mouse dev and keybd dev using...

ASUS GT-AC2900 authorization issue vulnerability

ASUS GT-AC2900 is a router from ASUS China.A security vulnerability exists in versions prior to ASUS GT-AC2900 devices 3.0.0.4.386.42643, which allows the administrator application to allow bypass of authentication when handling remote input from unauthenticated users, which could be exploited by...

CVE-2021-32030

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.438446630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handlereques...

Authentication flaw

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handlerequest in router/httpd/httpd.c and authche...

CVE-2021-32030

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.438446630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handlereques...

PT-2021-19636

Name of the Vulnerable Software and Affected Versions ASUS GT-AC2900 versions prior to 3.0.0.4.386.42643 Lyra Mini versions prior to 3.0.0.4 384 46630 Description The administrator application on ASUS GT-AC2900 and Lyra Mini devices allows authentication bypass when processing remote input from a...

Allen-Bradley Flex IO Security Vulnerability

Allen-Bradley Flex IO is a remote IO suite in an industrial automation control system from Allen-bradley USA. A security vulnerability exists in Allen-Bradley Flex IO that stems from a specially crafted network request that could result in a denial of service by interrupting communication with th...

The vulnerability of the Database Vault component of the Oracle Database Server system allows a perpetrator to compromise the confidentiality and integrity of the protected information.

The vulnerability of the Database Vault component of the Oracle Database Server system exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to compromise the confidentiality and integrity of the protected information through th...

CVE-2020-24649

A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

[SECURITY] Fedora 29 Update: gnome-shell-extension-gsconnect-21-2.fc29

The KDE Connect project allows devices to securely share content such as notifications and files as well as interactive features such as SMS messagi ng and remote input. The KDE Connect team maintains cross-desktop, Android and Sailfish applications as well as an interface for KDE Plasma. GSConne...

[SECURITY] Fedora 30 Update: gnome-shell-extension-gsconnect-21-2.fc30

The KDE Connect project allows devices to securely share content such as notifications and files as well as interactive features such as SMS messagi ng and remote input. The KDE Connect team maintains cross-desktop, Android and Sailfish applications as well as an interface for KDE Plasma. GSConne...

Exiv2 'Image::printIFDStructure' heap buffer overflow vulnerability

Exiv2 is a set of C++ libraries and command line applications for managing image metadata by software developer Andreas Huggel, which provides fast and easy reading and writing of image metadata in a variety of EXIF, IPTC and XMP formats. A heap buffer overflow vulnerability exists in the...

Silicon Graphics LibTIFF 'TIFFWriteDirectoryTagCheckedLong8Array' Function Denial of Service Vulnerability

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A security vulnerability exists in the 'TIFFWriteDirectoryTagCheckedLong8Array' function in...

PT-2017-3936 · Artifex +3 · Artifex Ghostscript +3

Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 9.24 Description: The issue is related to the .setdistillerkeys PostScript command, which is accepted even though it is not intended for use during document processing. This leads to memory corruption,...

The vulnerability of the Cisco NX-OS network operating system, which runs on Cisco Nexus 9000 Series switches, allows a malicious actor to initiate unauthorized processes on the system.

The vulnerability of the remote input function in the network operating system of Cisco NX-OS, which operates on Cisco Nexus 9000 Series switches, arises due to operations that go beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to initiate unauthorized input...