Cache Poisoning
check-jsonschema is vulnerable to Cache Poisoning. The vulnerability is due to improper handling of schema caching, where the basename of a remote schema URL is used as the cache filename. This allows attackers to insert malicious schemas into the cache via schema URL conflicts, potentially causi...
Tibbo Aggregate Network Manager UploaderTempFileController Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tibbo Aggregate Network Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the UploaderTempFileController class. The issue results from the lack of...
Ivanti Avalanche FileStoreConfig Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the lack of proper validation of...
The vulnerability of the Adobe Animate software for creating multimedia and computer animations lies in insufficient validation of input data, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Animate program for creating multimedia and computer animations is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to execute arbitrary code...
Netgear R6900 Buffer Overflow Vulnerability
The Netgear R6900 is a wireless router from NETGEAR. The Netgear R6900 suffers from a buffer overflow vulnerability that originates from the parameter Content-Length in the file upgradecheck.cgi that fails to properly validate the length of the input data, which can be exploited by an attacker to...
Horner Automation Cscape Buffer Error Vulnerability
Horner Automation Cscape is a suite of programming software for industrial control system development from Horner Automation, USA. A buffer error vulnerability exists in Horner Automation Cscape version 10.0.363.1 and prior versions, which stems from improper validation of user-supplied data and...
Veritas Enterprise Vault MobileHTMLView Cross-Site Scripting Vulnerability
This vulnerability allows remote attackers to execute web requests with the target user's privileges on affected installations of Veritas Enterprise Vault. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...
The vulnerability of the tipc component in the Linux operating system's kernel allows an attacker to cause a denial of service.
The vulnerability of the tipc component in the Linux operating system's kernel is related to improper validation of input data. Exploiting this vulnerability can allow an attacker to cause a denial of service...
Tungsten Automation Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Unauthorized Data Access
moodle/moodle is vulnerable to Unauthorized Data Access. The vulnerability is due to insufficient validation checks, which allow an attacker to fetch the list of course badges for courses they are not authorized to access...
The vulnerability in the firmware of embedded network controllers for building automation systems, such as ASPECT Enterprise, NEXUS Series, and MATRIX Series, arises from improper validation of certain types of input data. This allows attackers to gain unauthorized access to the device.
The vulnerability in the firmware of the ASPECT Enterprise, NEXUS Series, and MATRIX Series embedded network controllers is related to improper validation of certain types of input data. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized acces...
The vulnerability in the firmware of the ASPECT Enterprise, NEXUS Series, and MATRIX Series embedded network controllers arises from improper validation of certain types of input data. This allows attackers to gain access to the project's backup copies.
The vulnerability in the firmware of the ASPECT Enterprise, NEXUS Series, and MATRIX Series embedded network controllers for building management is related to improper validation of certain types of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain...
CVE-2024-51550
Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
CVE-2024-51550 Data Validation / Sanitization
Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
CVE-2024-51550
CVE-2024-51550 affects ABB ASPECT, NEXUS Series, and MATRIX Series (firmware up to 3.08.02). The vulnerability arises from Data Validation / Data Sanitization issues in Linux, allowing unvalidated data injection into an Aspect device. Connected sources document a Remote Code Execution path: an au...
ABB ASPECT Security Vulnerability
ABB ASPECT is a scalable building energy management and control solution from ABB Switzerland. ABB ASPECT has a security vulnerability that stems from a data validation vulnerability contained in Linux...
Open Design Alliance Drawings SDK Security Vulnerability
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, USA. The development kit accesses data in .dwg and .dgn through a convenient, object-oriented API, providing a C++ API, support for repairing files, .NET, JAVA, and Python...
The vulnerability of the qca component in the Linux operating system's kernel allows an attacker to trigger a denial-of-service (DoS) attack.
The vulnerability of the qca component in the Linux operating system's kernel is related to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to trigger a denial-of-service attack...