114 matches found
The vulnerability of the Ansible configuration management system, related to insecure temporary files, allows a hacker to access confidential data.
The vulnerability of the Ansible configuration management system is related to insecure temporary files. Exploiting this vulnerability could allow an attacker to access confidential data...
CVE-2021-44041
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a networked or WebDAV...
CVE-2020-16030
Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
DEBIAN-CVE-2020-8620
In BIND 9.15.6 - 9.16.5, 9.17.0 - 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit...
grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...
grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...
grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...
grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...
grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...
SQL Injection Vulnerability in Thunderwind Movie Ne***.php Page
Thunderwind CMS is a video-on-demand system developed with Thinkphp framework + Mysql. Thunderwind Movie Ne.php page SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...
SQL injection vulnerability in seacms backend ad***_da***.php file
seacms ocean film and television management system, ocean cms is based on PHP + MySql technology development of video on demand system. seacms background adda.php file SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive information...
DEBIAN-CVE-2019-16224
An issue was discovered in py-lmdb 0.97. For certain values of mdflags, mdbnodeadd does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...
UBUNTU-CVE-2019-16227
An issue was discovered in py-lmdb 0.97. For certain values of mnflags, mdbcursorset triggers a memcpy with an invalid write operation within mdbxcursorinit1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...
UBUNTU-CVE-2019-16226
An issue was discovered in py-lmdb 0.97. mdbnodedel does not validate a memmove in the case of an unexpected node-mnhi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...
PT-2019-14588
Name of the Vulnerable Software and Affected Versions py-lmdb version 0.97 Description An issue was discovered in py-lmdb where for certain values of mp flags, mdb page touch does not properly set up mc-mc pgmc-top, leading to an invalid write operation. This issue occurs when accessing a data.md...
Cisco Industrial Network Director Encryption Issue Vulnerability
Cisco Industrial Network Director IND is an industrial automation management system from Cisco. The system achieves automation management by visualizing the industrial Ethernet infrastructure. A cryptographic issue vulnerability exists in the Web Services Management Agent WSMA feature in Cisco IN...
UBUNTU-CVE-2018-1160
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsiopensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution...
Citrix SD-WAN and NetScaler SD-WAN Information Disclosure Vulnerabilities
Citrix SD-WAN and NetScaler SD-WAN are both software-defined WAN solutions from Citrix Systems USA. The products support real-time path selection, edge routing, stateful firewalls, end-to-end Qos and WANs. An information disclosure vulnerability exists in Citrix SD-WAN and NetScaler SD-WAN, which...
Override Access Vulnerability in the Swish Open App
Swish and Drive App is a rental car for traveling. A vulnerability exists in Swish and Drive APP. An attacker can gain access to sensitive information by grabbing packets and modifying IDs...
IBM Campaign Information Disclosure Vulnerability
IBM Campaign formerly known as Unica Campaign is a management solution from IBM in the United States used to help marketers design, execute, measure, and optimize marketing advertising. A security vulnerability exists in IBM Campaign that stems from the client containing too much detailed...