623 matches found
Magento 2 Community Edition XML Injection
An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to the page cache block rendering module that gets passed to the XML data processing engine without validation. The crafted key/value GET request data...
ROS-20220516-11
The Vim text editor vulnerability is related to a NULL pointer dereference error in the function vim_regexec_string in regexp.c. Exploitation of the vulnerability could allow an attacker acting remotely to trick a victim into accessing the Vim text editor. remotely, trick the victim into opening a speciall...
Damon data exchange platform has a logic flaw vulnerability
Ltd. is a general-purpose, platform-based data integration product with independent intellectual property rights based on more than ten years of data processing experience. There is a logic flaw vulnerability in Damon Data Exchange Platform, which can be used by attackers to obtain sensitive...
GHSA-WC97-7623-RXWX Multiple components in Apache NiFi do not restrict XML External Entity references
Apache NiFi is a system to process and distribute data. Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML...
Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue results from the lack of proper...
Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue results from the lack of proper...
Unspecified Vulnerability in Apache NiFi (CNVD-2022-33109)
Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. A security vulnerability exists in Apache NiFi that stems from the fact that when creating or updating credentials...
CVE-2021-43636
Two buffer overflow vulnerabilities exist in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process...
CVE-2021-43636
CVE-2021-43636 affects TotoLink T10 V2_Firmware V4.1.8cu.5207_B20210320, with two buffer overflow vulnerabilities in the http_request_parse function when processing host data in HTTP requests. Exploitation details, affected versions beyond the listed firmware, and concrete attack vectors are not ...
German Government Warns Against Using Russia's Kaspersky Antivirus Software
Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany's Federal Office of Information Security BSI against using the company's security solutions in the country over "doubts about the reliability of the manufacturer." Calling that the decision was made on...
Command execution vulnerability exists in DMETL5 development version of Wuhan Damon Database Co.
Damon Data Exchange Platform (DMETL for short) is a data processing and integration platform with independent copyright developed by Wuhan Damon Database Co. Ltd. DMETL5 development version has a command execution vulnerability, which can be exploited by attackers to gain control of the server...
Undesired behavior
Lines of code Vulnerability details You push a parameter into an array of tokens without checking if it already exists. And if at first it's added with amount 0 it can later on be pushed with a greater amount and be twice in the array. Then in all processing it will consider the first occurrenc...
Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue results from the lack of proper...
Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue results from the lack of proper...
Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue results from the lack of proper...
ROS-20220114-02
Vulnerability in the Mozilla Thunderbird email client, related to use of memory after it has been freed (use-after-free) due to a race condition when playing audio files. Exploitation of the vulnerability could allow an attacker acting remotely to create a specially crafted audio shell, trigger a use-after-free error...
Huawei HarmonyOS data processing error-type vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. Huawei HarmonyOS is vulnerable to a data processing error type vulnerability that could be exploited by an attacker to cause an application to crash...
CVE-2021-39975
Hilinksvc has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause denial of service attacks...
CVE-2021-39983
The HwNearbyMain module has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause a process to restart...