71 matches found
The vulnerability of My Cloud OS, a network storage operating system, allows a perpetrator to execute arbitrary commands.
The vulnerability of My Cloud OS network storage systems is related to the lack of measures for data cleanup at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the bs_SetLimitCli_info function in the /lib/libshare-0.0.26.so library of the LB-LINK router software allows a attacker to gain full access to the device.
The vulnerability of the bsSetLimitCliinfo function in the /lib/libshare-0.0.26.so file of the LB-LINK router software is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full...
The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in its improper protection of an alternative path, allowing a attacker to execute arbitrary code.
The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
node-puppet-facter 安全漏洞
node-puppet-facter is an open source Node.JS module for Facter by OlinData. A security vulnerability exists in puppet-facter that stems from the getFact function not properly cleaning up data data...
The vulnerability of the graphical web interface for managing and monitoring ClusterLabs Hawk, related to the lack of measures taken at the management level to clean data, allows a malicious actor to execute arbitrary commands on behalf of the root user.
The vulnerability of the graphical web interface for managing and monitoring ClusterLabs Hawk is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on behalf of the root user remotely...
The vulnerability of Mozilla Firefox and Mozilla Firefox ESR browsers for Windows, related to the lack of measures taken to clean data at the operating level, allows attackers to execute arbitrary commands.
The vulnerability of Mozilla Firefox and Mozilla Firefox ESR browsers for Windows is related to the lack of measures taken to clean data at the operating level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the import function in GitHub’s software platform, based on Git, for collaborative code development on GitLab, allows a perpetrator to execute arbitrary code.
The vulnerability of the import function in GitHub’s software platform for GitLab-based collaborative code development is related to the lack of measures taken to clean up data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
WordPress plugin Name Directory 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Name Directory versions prior to 1.25.4 are vulnerable to cross-site request forgery, which...
The vulnerability of Sysdig Event analyzer, a traffic analysis tool for computer networks used by Wireshark, allows a hacker to cause a service failure.
The vulnerability of the Sysdig Event analyzer, a traffic analysis tool for computer networks, Wireshark, is related to insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability can allow a malicious actor to cause service...
Eclipse Wakaama 缓冲区错误漏洞
Eclipse Wakaama is a C-based, open source implementation of the OMA LWM2M protocol from the Eclipse Foundation. A buffer error vulnerability exists in Eclipse Wakaama versions 2021-01-14 and earlier, which stems from the CoAP parsing code failing to properly clean up data received over the networ...
The vulnerability in the built-in RDoc documentation generator for the Ruby programming language allows a perpetrator to execute arbitrary commands.
The vulnerability of the RDoc documentation generator for the Ruby programming language is related to the lack of measures taken to clean up data at the control level. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
PekeUpload 跨站脚本漏洞
PekeUpload is a Jquery Html5 file upload plugin from the personal developer Pedro Molina in Colombia. pekeUpload suffers from a cross-site scripting vulnerability that exists due to insufficient cleanup of user-supplied data. A remote attacker could exploit the vulnerability to be able to trick a...
Apache Superset up和Apache Superset 跨站脚本漏洞
A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, U.S. The vulnerability stems from insufficient cleanup of user-supplied data on browser pages. An attacker could exploit the vulnerability to trick victim...
The vulnerability of the Magento Commerce software platform for developing and managing online stores stems from the lack of measures taken at the management level to clean up data. This allows attackers to execute arbitrary code.
The vulnerability of the Magento Commerce software platform for developing and managing online stores is related to the lack of measures taken to clean up data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Magento Commerce software platform for developing and managing online stores stems from the lack of measures taken at the management level to clean up data. This allows attackers to execute arbitrary code.
The vulnerability of the Magento Commerce software platform for developing and managing online stores is related to the lack of measures taken to clean up data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Brackets text editor, related to the lack of measures taken at the control level to clean up data, allows attackers to execute arbitrary commands.
The vulnerability of the Brackets text editor is related to the lack of measures taken at the control level to clean up data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the target system remotely...
The vulnerability of the Zabbix universal monitoring system, related to improper cleaning of user data in the “hostinventoriesoverview.php” script, allows a hacker to execute arbitrary SQL commands.
The vulnerability of the Zabbix universal monitoring system is related to improper cleaning of user data in the script “hostinventoriesoverview.php”. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by sending specially crafted queries remotely...
The vulnerability of the Adobe Photoshop graphic editor lies in the lack of measures taken at the control level to clean up data, allowing a hacker to execute arbitrary code.
The vulnerability of the Adobe Photoshop graphic editor is related to the lack of measures taken at the control level to clean up data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
MISP 安全漏洞
MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics, and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP version 2.4.144, which stems from the fact that...
Nextcloud: Webauthn tokens are not removed on user deletion
userA has an account on serverA 2. userA enables passwordless login webauthn and registers a key/device 3. userA is removed from the system 4. a new user comes along and gets assigned userA as id 5. the old userA tries to login with their key 6. the old userA can see all data of the new userA...