569 matches found

Hacker One
added 2020/09/29 12:25 a.m. | 59 views

PlayStation: Unrestricted access to quiesce functionality in dss.api.playstation.com REST API leads to unavailability of application

Report Summary ---- Unrestricted access to the quiesce function via a PUT request to https://dss.api.playstation.com/api/application/state makes the application unreachable for an uncertain amount of time. Steps To Reproduce ---- Reproduction method 1 + Burp Suite is the program required for the...

6.8 AI score
Exploits: 0
NVD
added 2020/09/09 1:15 p.m. | 20 views

CVE-2020-6358

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

4.3 CVSS | 0.01623 EPSS
Exploits: 0 | References: 3
NVD
added 2020/09/09 1:15 p.m. | 17 views

CVE-2020-6359

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PLT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

4.3 CVSS | 0.01623 EPSS
Exploits: 0 | References: 3
NVD
added 2020/09/09 1:15 p.m. | 18 views

CVE-2020-6344

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

4.3 CVSS | 0.01623 EPSS
Exploits: 0 | References: 3
NVD
added 2020/09/09 1:15 p.m. | 19 views

CVE-2020-6343

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

4.3 CVSS | 0.01623 EPSS
Exploits: 0 | References: 3
NVD
added 2020/09/09 1:15 p.m. | 24 views

CVE-2020-6339

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

4.3 CVSS | 0.01623 EPSS
Exploits: 0 | References: 3
NVD
added 2020/09/09 1:15 p.m. | 25 views

CVE-2020-6322

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

4.3 CVSS | 0.01623 EPSS
Exploits: 0 | References: 3
NVD
added 2020/09/09 1:15 p.m. | 28 views

CVE-2020-6328

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

4.3 CVSS | 0.01623 EPSS
Exploits: 0 | References: 3
Prion
added 2020/09/09 1:15 p.m. | 16 views

Input validation

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

4.3 CVSS | 4.5 AI score | 0.01623 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2020/09/09 1:15 p.m. | 15 views

Input validation

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

4.3 CVSS | 4.5 AI score | 0.01623 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2020/09/09 1:15 p.m. | 16 views

Input validation

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

4.3 CVSS | 4.5 AI score | 0.01623 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2020/09/09 1:15 p.m. | 20 views

Input validation

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

4.3 CVSS | 4.5 AI score | 0.01623 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2020/09/09 12:55 p.m. | 43 views

CVE-2020-6359

SAP 3D Visual Enterprise Viewer (version 9) is affected by a PLT file parsing issue. The root cause is insufficient validation of the length of user-supplied data copied to a stack buffer, enabling a stack-based buffer overflow. This can allow remote code execution when a user opens a crafted PLT...

4.3 CVSS | 4.5 AI score | 0.01623 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2020/09/09 12:55 p.m. | 51 views

CVE-2020-6358

CVE-2020-6358 affects SAP 3D Visual Enterprise Viewer (version 9). Connected sources describe a vulnerability in the FBX file parsing path caused by improper input validation, leading to an out-of-bounds write that can crash the target process and, per ZDI, enable remote code execution. Exploitat...

4.3 CVSS | 4.5 AI score | 0.01623 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2020/09/09 12:53 p.m. | 15 views

CVE-2020-6351

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

4.3 CVSS | 4.6 AI score | 0.01623 EPSS
Exploits: 0 | References: 3
Cvelist
added 2020/09/09 12:53 p.m. | 20 views

CVE-2020-6347

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

4.3 CVSS | 4.6 AI score | 0.01623 EPSS
Exploits: 0 | References: 3
CVE
added 2020/09/09 12:43 p.m. | 50 views

CVE-2020-6337

CVE-2020-6337 affects SAP 3D Visual Enterprise Viewer (version 9). The issue is described as an HDR file parsing/input handling flaw caused by improper input validation, leading to a crash and temporary unavailability, with some sources noting potential memory corruption and remote code execution...

4.3 CVSS | 4.5 AI score | 0.01623 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2020/09/09 12:41 p.m. | 24 views

CVE-2020-6314

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

4.3 CVSS | 4.6 AI score | 0.01623 EPSS
Exploits: 0 | References: 3
Github Security Blog
added 2020/08/31 10:53 p.m. | 37 views

Directory Traversal in nhouston

All versions of the static file server module nhouston are vulnerable to directory traversal. An attacker can provide input such as ../ to read files outside of the served directory. Recommendation: It is recommended that a different module be used, as we have been unable to reach the maintainer...

4.7 AI score | 0.00778 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
RedHat Linux
added 2020/08/17 1:28 p.m. | 0 views

wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...

6.5 CVSS | 5.7 AI score | 0.01203 EPSS
Exploits: 0 | References: 4