86 matches found
Microsoft SharePoint Server 2019 build < 16.0.10350.20000 Multiple Vulnerabilities
According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in Microsoft SharePoint. - A spoofing vulnerability exists in Microsoft SharePoint when it...
Microsoft SharePoint Server 2016 build < 16.0.4900.1000 Multiple Vulnerabilities
According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in Microsoft SharePoint. - A spoofing vulnerability exists in Microsoft SharePoint when it...
Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2020-31240)
NETGEAR WNR3500L and others are products of NETGEAR.WNR3500L is a wireless router.NETGEAR R6400 is a wireless router.NETGEAR D6200 is a wireless modem.NETGEAR R6400 is a wireless router.NETGEAR R6400 is a wireless router.NETGEAR R6400 is a wireless router.NETGEAR R6400 is a wireless router.NETGEA...
CVE-2019-1296
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295...
CVE-2019-1296
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295...
Remote code execution
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295...
CVE-2019-1295
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296...
Microsoft SharePoint Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm...
CVE-2019-10670
An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqliescaperealstring for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data being injected into these...
Input validation
An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqliescaperealstring for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data being injected into these...
CVE-2019-10670
An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqliescaperealstring for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data being injected into these...
MISP Cross-Site Scripting Vulnerability (CNVD-2020-22366)
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. MISP suffers from a cross-site scripting vulnerability. The vulnerability stems from a lac...
Eclipse OpenJ9 code injection vulnerability
Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A code injection vulnerability exists in AIX builds in Eclipse OpenJ9 versions prior to 0.15.0. The vulnerability stems from a networked system or product that does not...
PYSEC-2019-153
modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution...
CVE-2017-1002157
modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution...
QEMU 'b/nbd/server.c' stack buffer overflow vulnerability
QEMU aka Quick Emulator is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. QEMU 'b/nbd/server.c' suffers from a stack buffer overflow vulnerability, which originates from the program failing to properly perform bounds...
CVE-2017-14075
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL...
MGASA-2017-0164 Updated ansible packages fix security vulnerability
It was found that aptkey module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key CVE-2016-8614. It is reported that in Ansible, under some circumstances the mysqluser module...
Pivotal Spring Web Flow Remote Code Execution Vulnerability
Pivotal Spring Web Flow is a web application from Pivotal Software, Inc. that provides navigation for check-in, loan application or shopping cart checkout. A remote code execution vulnerability exists in Pivotal Spring Web Flow versions 2.4.0 through 2.4.4. The vulnerability is caused due to a...
CVE-2017-7247
Multiple Cross-Site Scripting XSS were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data torrents, size passed to the 'Gazelle-master/sections/tools/managers/multiplefreeleech.php' URL. An attacker could execute arbitrary HTML...