124 matches found
CVE-2021-30262
Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...
The vulnerability of the application-level SIP ALG operating system Juniper Networks Junos routers of the MX and SRX series allows attackers to compromise the integrity of protected information.
The vulnerability of SIP application-level ALG operating systems running on Juniper Networks Junos routers of the MX and SRX series lies in insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to compromise the integrity of protected...
SUSE CVE-2015-3146
The 1 SSHMSGNEWKEYS and 2 SSHMSGKEXDHREPLY packet handlers in packagecb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted SSH packet...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to not using or validating the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...
Input validation
A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked...
CVE-2017-13907
A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked...
Qualcomm Chipsets 资源管理错误漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A resource management error vulnerability exists in multiple Qualcomm products, which stems from an incorrect validation of the socket state when sending socket events to a client could result in invalid memory access. The...
PT-2021-6003 · Foxit · Foxit Phantompdf +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PhantomPDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...
Design/Logic Flaw
Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...
CVE-2021-1971
CVE-2021-1971 affects Qualcomm closed-source components in Snapdragon SoCs, arising from a lack of physical layer state validation leading to possible assertion. The exposure spans Snapdragon Auto/Compute/Connectivity/Consumer Electronics Connectivity/Industrial IOT/ Mobile/Wired Infrastructure, ...
CVE-2021-30904
A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to sync after the user has signed out of iMessage...
CVE-2021-30904
A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to sync after the user has signed out of iMessage...
CVE-2021-30904
CVE-2021-30904 affects macOS Monterey 12.0.x in the Apple Messages sync flow. The issue is a sync/state validation bug that could allow a user’s messages to continue syncing after signing out of iMessage. Apple fixed this in macOS Monterey 12.0.1 (per HT212869). Connected feeds corroborate the de...
Input validation
In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is n...
CVE-2021-0513
In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is n...
CVE-2021-30177
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE...
FreeBSD -- SAE confirm missing state validation
Problem Description: When hostapd is used to operate an access point with SAE Simultaneous Authentication of Equals; also known as WPA3-Personal, an invalid authentication sequence could result in the hostapd process terminating due to a NULL pointer dereference when processing SAE confirm messag...
Design/Logic Flaw
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...
CVE-2015-2318
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...
CVE-2015-2318
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...