
240 matches found

CNVD
added 2020/06/22 12:0 a.m., 6 views

Mutt and NeoMutt Injection Vulnerabilities

Mutt is a text-based mail client for Unix-like systems by Michael Elkins Software Developers. NeoMutt is a command-line mail reader. An injection vulnerability exists in Mutt versions prior to 1.14.4 and NeoMutt versions prior to 2020-06-19. The vulnerability stems from a lack of proper validation...

CVSS: 5.9, AI score: 9.4, EPSS: 0.02288
Exploits: 0, References: 1
BDU FSTEC
added 2020/05/07 12:0 a.m., 2 views

The vulnerability of the wp_validate_redirect function in the WordPress content management system, related to the redirection of URLs to an unreliable website, allows attackers to gain access to sensitive data and compromise its integrity.

The vulnerability of the wp_validate_redirect function in the WordPress content management system is related to errors in URL validation and cleaning. Exploiting this vulnerability can allow a malicious actor to gain access to sensitive data and compromise its integrity...

CVSS: 6.1, AI score: 6.9, EPSS: 0.0255
Exploits: 0, References: 3, Affected Software: 2
OSV
added 2020/03/18 2:15 a.m., 1 views

CVE-2020-10659

Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where, for example, a user continues to interact with a web site that has an invalid certificate chain...

CVSS: 4.3, AI score: 5.6, EPSS: 0.00375
Exploits: 0, References: 2
ICS
added 2020/02/20 12:0 a.m., 191 views

Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App)

1. EXECUTIVE SUMMARY: CVSS v3 9.8; ATTENTION: Exploitable remotely/low skill level to exploit; Vendor: Auto-Maskin; Equipment: RP 210E Remote Panels, DCU 210E Control Units, and Marine Observer Pro Android App; Vulnerabilities: Cleartext Transmission of Sensitive Information, Origin Validation Error,...

CVSS: 10, AI score: 8.7, EPSS: 0.02095
Exploits: 0, References: 5
BDU FSTEC
added 2020/02/03 12:0 a.m., 5 views

The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows an attacker to execute arbitrary SQL queries.

The vulnerability in the vManage web interface of the Cisco SD-WAN software-defined networking system is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS: 4.3, AI score: 5.9
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2020/01/27 12:0 a.m., 109 views

PHP 7.4.x < 7.4.2 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is prior to 7.2.27, 7.3.x prior to 7.3.14, or 7.4.x prior to 7.4.2. It is, therefore, affected by multiple vulnerabilities: - A buffer overflow exists in mbfl_filt_conv_big5_wchar due to an input validation error...

CVSS: 9.1, AI score: 9.1, EPSS: 0.08888
Exploits: 2, References: 4
Tenable Nessus
added 2019/11/26 12:0 a.m., 38 views

SUSE SLED12 / SLES12 Security Update : libpng16 (SUSE-SU-2019:3060-1)

This update for libpng16 fixes the following issues: Security issues fixed: CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free was called under png_safe_execute (bsc#1124211). CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493). No...

CVSS: 9.8, AI score: 7.2, EPSS: 0.09393
Exploits: 3, References: 7
CNVD
added 2019/10/21 12:0 a.m., 2 views

Ratpack Input Validation Error Vulnerability

Ratpack is a Java library for building scalable HTTP applications. An input validation error vulnerability exists in Ratpack versions prior to 1.7.5, which can be exploited to conduct HTTP response splitting attacks by constructing HTTP headers with untrusted data...

CVSS: 7.5, AI score: 6.8, EPSS: 0.02153
Exploits: 0, References: 1
BDU FSTEC
added 2019/10/09 12:0 a.m., 4 views

The vulnerability in the web interface of the software-hardware management interface for Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing the software-hardware environment of Cisco Firepower Management Center is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS: 9, AI score: 5.9, EPSS: 0.02965
Exploits: 0, References: 2, Affected Software: 1
BDU FSTEC
added 2019/10/09 12:0 a.m., 5 views

The vulnerability in the web interface of the software-hardware management interface for Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing the software-hardware environment of Cisco Firepower Management Center is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS: 9, AI score: 5.9, EPSS: 0.02965
Exploits: 0, References: 2, Affected Software: 1
BDU FSTEC
added 2019/10/09 12:0 a.m., 3 views

The vulnerability in the web interface of the software-hardware management interface for Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing the software-hardware environment of Cisco Firepower Management Center is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS: 9, AI score: 5.9, EPSS: 0.02965
Exploits: 0, References: 2, Affected Software: 1
BDU FSTEC
added 2019/09/10 12:0 a.m., 3 views

The vulnerability of the OpenSSL library, related to errors in the certificate validation process, allows attackers to compromise the integrity of data.

The vulnerability of the OpenSSL library is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...

CVSS: 3.3, AI score: 5.5, EPSS: 0.00678
Exploits: 0, References: 12, Affected Software: 18
BDU FSTEC
added 2019/07/30 12:0 a.m., 4 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to compromise the integrity of protected information.

The vulnerability of the Cisco Identity Services Engine (ISE) web interface is related to input validation errors. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the protected information...

CVSS: 5, AI score: 5.5, EPSS: 0.01226
Exploits: 0, References: 4
BDU FSTEC
added 2019/06/21 12:0 a.m., 3 views

The vulnerability of Microsoft Hyper-V hardware virtualization system in the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Hyper-V hardware virtualization technology in the Windows operating system is related to errors during the validation of input data on the host server. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created...

CVSS: 9, AI score: 6.5, EPSS: 0.04846
Exploits: 0, References: 3
BDU FSTEC
added 2019/05/31 12:0 a.m., 4 views

The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and network device management system, as well as the Cisco Evolved Programmable Network Manager software, allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing Cisco Prime Infrastructure network equipment and the Cisco Evolved Programmable Network Manager software relates to input validation errors. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries by sending specially...

CVSS: 8.5, AI score: 7.9, EPSS: 0.01901
Exploits: 1, References: 3, Affected Software: 2
BDU FSTEC
added 2019/05/31 12:0 a.m., 3 views

The vulnerability of the synchronization identifier application in the Cisco Directory Connector lies in errors in the path validation mechanism, allowing an intruder to gain unauthorized access to protected information.

The vulnerability of the application for synchronizing identifiers in the Cisco Directory Connector is related to errors in the mechanism for checking the path of dynamically attached libraries. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected...

CVSS: 5.1, AI score: 6, EPSS: 0.00383
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2019/05/29 6:29 p.m., 23 views

CVE-2019-12347

In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors...

AI score: 6, EPSS: 0.58576
Exploits: 2, References: 5
OSV
added 2019/05/09 3:29 p.m., 1 views

CVE-2019-4071

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063...

CVSS: 8.8, AI score: 7, EPSS: 0.04302
Exploits: 0, References: 2
Tenable Nessus
added 2019/04/08 12:0 a.m., 34 views

Apple Safari < 12.0.3 Multiple Vulnerabilities


CVSS: 8.8, AI score: 7.8, EPSS: 0.09755
Exploits: 3, References: 12
Tenable Nessus
added 2019/03/11 12:0 a.m., 39 views

GLSA-201903-02 : Zsh: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201903-02 (Zsh: User-assisted execution of arbitrary code). Two input validation errors have been discovered in how Zsh parses scripts: Parsing a malformed shebang line could cause Zsh to call a program listed in the second line...

CVSS: 9.8, AI score: 8, EPSS: 0.02723
Exploits: 0, References: 3