5839 matches found
CVE-2022-4235
RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives...
Design/Logic Flaw
RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives...
Open Redirect
apache-superset is vulnerable to Open Redirect. The vulnerability exists due to improper data validation in the library, allowing an attacker with update dataset permission to change a dataset link to an untrusted site and redirect to the malicious URLs by clicking on a specific dataset...
CVE-2022-4235
RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives...
CVE-2023-0040
CVE-2023-0040 affects Async HTTP Client prior to 1.13.2. The root cause is insufficient validation of HTTP header field values, enabling CRLF injection that can inject new HTTP header fields or requests into the data stream. Impact described in the connected documents notes that remote servers ma...
CVE-2022-4235
RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives...
Adobe Acrobat Reader DC Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Acrobat Reader DC Font Parsing Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
CVE-2023-22727
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...
SAMSUNG Gear IconX PC Manager 数据伪造问题漏洞
SAMSUNG Gear IconX PC Manager is used to transfer music files from PC to Gear IconX by Samsung South Korea. A security vulnerability exists in SAMSUNG Gear IconX PC Manager versions prior to 2.1.221019.51, which stems from insufficient validation of data authenticity. An attacker could exploit th...
Chromium: CVE-2022-4190 Insufficient data validation in Directory
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2022-41968
Nextcloud Server vulnerability CVE-2022-41968: calendar name lengths were not validated before writing to the database, affecting versions prior to 23.0.10 and 24.0.5. Patches are available in 23.0.10 and 24.0.5; no public workarounds are documented. Connected advisories corroborate the issue as ...
Calendar name length not validated before writing to database
None...
DEBIAN-CVE-2022-4190
Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2022-4190
Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2022-4190
Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2022-4190
Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...
Input validation
Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that is caused by insufficient data validation in Directory. An attacker can exploit this vulnerability to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2023-04547)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that is caused by insufficient data validation in Directory. An attacker can exploit this vulnerability to bypass security restrictions...