
17 matches found

EUVD
added 2025/12/19 3:31 p.m. · 3 views

EUVD-2025-204534

igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the recvigmp function in src/igmpproxy.c, an invalid group record type can...

7.5 CVSS · 6.2 AI score · 0.0033 EPSS
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 5:38 a.m. · 1 views

SUSE CVE-2013-2274

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report...

6.5 CVSS · 7.8 AI score · 0.01851 EPSS
Exploits 0 · References 4
Positive Technologies
added 2020/07/27 12:0 a.m. · 1 views

PT-2020-4942 · Trustwave +2 · Opendmarc +2

Name of the Vulnerable Software and Affected Versions: OpenDMARC versions 1.3.2 and 1.4.x through 1.4.0-Beta1
Description: The issue is related to improper null termination in the opendmarc_xml_parse function, which can result in a one-byte heap overflow in opendmarc_xml when parsing a specially...

10 CVSS · 7.9 AI score · 0.14593 EPSS
Exploits 2 · References 34
Prion
added 2020/01/24 9:15 p.m. · 9 views

Design/Logic Flaw

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

5.5 CVSS · 5.6 AI score · 0.00173 EPSS
Exploits 0 · References 2 · Affected Software 1
OpenVAS
added 2019/05/04 12:0 a.m. · 114 views

Debian: Security Advisory (DLA-1774-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS · 6.8 AI score · 0.00432 EPSS
Exploits 0 · References 3
OSV
added 2019/02/05 6:29 p.m. · 1 views

CVE-2018-18986

LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration, or remote code execution...

7.8 CVSS · 6.1 AI score
Exploits 0 · References 2
OSV
added 2019/02/01 5:29 p.m. · 2 views

CVE-2018-18988

LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash...

8.8 CVSS · 6.1 AI score · 0.01101 EPSS
Exploits 0 · References 2
CNVD
added 2019/01/17 12:0 a.m. · 2 views

LAquis SCADA out-of-bounds write vulnerability (CNVD-2019-02386)

LCDS LAquis SCADA is a SCADA Data Acquisition and Supervisory Control system from the Brazilian company LCDS. The system is mainly used for data acquisition and process control of equipment with communication technology. An out-of-bounds write vulnerability exists in LCDS LAquis SCADA version...

8.3 CVSS · 7.4 AI score · 0.00469 EPSS
Exploits 0 · References 1
CNVD
added 2019/01/17 12:0 a.m. · 3 views

LAquis SCADA Input Validation Vulnerability

LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. An input validation vulnerability exists in LAquis SCADA version 4.1.0.3870, which can be exploited by an attacker to execute code with the help of a specially crafted report formatted file, disclose data or cause a...

8.8 CVSS · 7.3 AI score · 0.01101 EPSS
Exploits 0 · References 1
OSV
added 2017/03/27 5:59 p.m. · 1 views

DEBIAN-CVE-2017-7273

The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report...

6.6 CVSS · 8 AI score · 0.00112 EPSS
Exploits 0 · References 1
Prion
added 2014/05/26 4:55 p.m. · 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request...

3.5 CVSS · 5.5 AI score · 0.00188 EPSS
Exploits 0 · References 3 · Affected Software 6
Cvelist
added 2014/05/26 4:0 p.m. · 20 views

CVE-2014-0825

Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request...

5.2 AI score · 0.00188 EPSS
Exploits 0 · References 3
UbuntuCve
added 2013/10/25 11:55 p.m. · 21 views

CVE-2013-4957

The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type...

6.8 CVSS · 6 AI score · 0.00429 EPSS
Exploits 0 · References 5
Prion
added 2013/10/25 11:55 p.m. · 11 views

Code injection

The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type...

6.8 CVSS · 7.7 AI score · 0.00429 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2013/03/29 10:0 a.m. · 11 views

CVE-2013-0473

Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to inject arbitrary web script or HTML via a crafted report...

5.6 AI score · 0.00289 EPSS
Exploits 0 · References 3
Cvelist
added 2013/03/20 4:0 p.m. · 24 views

CVE-2013-2274

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report...

7 AI score · 0.01851 EPSS
Exploits 0 · References 7
Debian CVE
added 2013/03/20 4:0 p.m. · 35 views

CVE-2013-2274

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report...

6.5 CVSS · 7.1 AI score · 0.01851 EPSS
Exploits 0