536 matches found
PT-2021-23106 · Unknown · Survey Solutions
Name of the Vulnerable Software and Affected Versions: Survey Solutions versions prior to 21.09.1. Description: The issue concerns the Headquarters application of Survey Solutions, a survey management and data collection system. In affected versions, the /metrics endpoint is published and availabl...
Denial of Service (DoS)
OpenDMARC is vulnerable to denial of service. An insecure null termination in the function opendmarc_xml_parse can result in a one-byte heap overflow in opendmarc_xml which allows an attacker to parse a specially crafted DMARC aggregate report...
Debian DLA-2639-1 : opendmarc security update
It was discovered that OpenDMARC, a milter implementation of DMARC, has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a...
Design/Logic Flaw
Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold. If an attacker on ...
The vulnerability of the rebuildAggregateFrames function in the library for reading and modifying metadata in audio files from TagLib allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the rebuildAggregateFrames function in the library for reading and modifying metadata in audio files from TagLib is related to the unlimited loading of dangerous files. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its...
Code Injection in ewels/multiqc
Description: MultiQC: Aggregate results from bioinformatics analyses across many samples into a single report. Vulnerability: Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept: Installation: bash pip3 install multiqc Run exploit.py import os os.system'pip3 install...
OpenDMARC: Heap-based buffer overflow
Background: OpenDMARC is an open source DMARC implementation. Description: It was found that OpenDMARC did not properly handle DMARC aggregate reports. Impact: A remote attacker, by sending a specially crafted DMARC aggregate report, could possibly cause a Denial of Service condition and depending o...
GLSA-202011-02 : OpenDMARC: Heap-based buffer overflow
The remote host is affected by the vulnerability described in GLSA-202011-02 (OpenDMARC: Heap-based buffer overflow). It was found that OpenDMARC did not properly handle DMARC aggregate reports. Impact: A remote attacker, by sending a specially crafted DMARC aggregate report, could possibly cause a...
Design/Logic Flaw
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte...
UBUNTU-CVE-2020-12460
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte...
A vulnerability in the Aggregate plugin for information collection in the wiki compiler Ikiwiki allows an intruder to gain unauthorized access to protected information.
The vulnerability of the Aggregate plugin for information collection in the Ikiwiki wiki compiler arises due to server-side manipulation of requests. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a file with a...
March 8, 2016, update for Access 2016 (KB3114850)
March 8, 2016, update for Access 2016 (KB3114850). This article describes update KB3114850 for Microsoft Access 2016, which was released on March 8, 2016. This update has a prerequisite. Be aware that the update on the Microsoft Download Center applies to the Microsoft Installer .msi-based edition o...
CloudBees Jenkins Chef Sinatra Plugin Authorization Issues Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and the timed execution of tasks. Chef Sinatra Plugin is used in on...
CloudBees Jenkins VMware Lab Manager Slaves Plugin Authorization Issue Vulnerability (CNVD-2019-30405)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. VMware Lab Manager Slaves Plugin is used in which a plugin for controlling virtual...
Arbitrary File Read Vulnerability in ctcms
Chong Sheng Network Technology has developed Cscms Portal Content Management System, Ctcms Network Video Education Management System, Aggregate Payment, and a Multi-Merchant Entry Card Issuing Platform Management System. ctcms has an arbitrary file read vulnerability; an attacker can exploit the...
ikiwiki < 3.20170111.1, 3.2018x < 3.20190228 SSRF Vulnerability
ikiwiki is prone to a server-side request forgery (SSRF) vulnerability via the aggregate plugin. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2019-9187
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs...
DEBIAN-CVE-2019-9187
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs...
Server-side request forgery (SSRF)
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs...
CVE-2019-9187
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs...