5256 matches found
Input validation
Philips Interventional Workspot Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live Release 1.0, ViewForum Release 6.3V1L10. The software constructs all or part of an OS command using externally influenced input from an upstream component but does no...
insert_many can drop elements twice on panic
Affected versions of insert_many used ptr::copy to move over items in a vector to make space before inserting, duplicating their ownership. It then iterated over a provided Iterator to insert the new items. If the iterator's .next method panics then the vector would drop the same elements twice...
Zen Cart OS command injection vulnerability
Zen Cart is an open source, free shopping mall system, used to build a professional online store. A remote code execution vulnerability exists in Zen Cart 1.5.7b. The vulnerability can be exploited by an administrator to execute arbitrary OS commands by inspecting HTML radio input elements and...
The vulnerability in the Trend Micro InterScan Web Security Virtual Appliance exists due to the failure to take measures to eliminate certain special elements used in the operating system. This allows attackers to execute arbitrary code.
The vulnerability of Trend Micro InterScan Web Security Virtual Appliance exists due to the lack of measures taken to neutralize special elements used in the operating system’s command chain. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
A vulnerability in NETGEAR’s integrated software allows a hacker to execute arbitrary commands.
The vulnerability in NETGEAR’s embedded software exists because measures are not taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of NETGEAR’s embedded software exists due to the lack of measures taken to neutralize special elements used in the operating system commands. This allows a hacker to execute arbitrary commands.
The vulnerability in NETGEAR’s embedded software exists because measures are not taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the QTS and QuTS operating systems lies in the lack of measures taken to neutralize special elements used in the operating system’s command set, allowing attackers to execute arbitrary code.
The vulnerability of the QTS and QuTS operating systems is related to the lack of measures taken to neutralize special elements used in the OS command line. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of NETGEAR’s embedded software exists due to the lack of measures taken to neutralize special elements used in the operating system commands. This allows a hacker to execute arbitrary commands.
The vulnerability in NETGEAR’s embedded software exists because measures are not taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in NETGEAR’s integrated software allows a hacker to execute arbitrary commands.
The vulnerability in NETGEAR’s embedded software exists because measures are not taken to neutralize the special elements used in the operating system command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
MISP cross-site scripting vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.136, which originates in...
The vulnerability in the implementation of the Strict Transport Security (HSTS) mechanism of the Mozilla Firefox browser allows a perpetrator to compromise the integrity of data.
The vulnerability of the Strict Transport Security HSTS mechanism implemented by Mozilla Firefox is related to incorrect elimination of special elements in the output data used by the incoming component. Exploiting this vulnerability can allow a remote attacker to compromise the integrity of the...
The vulnerability of Firefox, Firefox ESR, and the Thunderbird email client relates to the use of freed resources during manipulation of HTML media elements. This allows an attacker to gain unauthorized access to information and compromise its integrity and accessibility.
The vulnerability of Firefox browsers, Firefox ESR, and the Thunderbird email client is related to the use of media elements after they have been freed while manipulating them. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to information and compromise i...
The vulnerability of the Cisco Jabber software platform for Windows lies in the insufficient neutralization of special elements used in operating system commands, allowing a hacker to execute arbitrary code.
The vulnerability of the Cisco Jabber for Windows software platform is related to errors in insufficient neutralization of special elements used in operating system commands. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
GitLab: Stored XSS in repository file viewer
Summary: There exists XSS in swagger-ui version used in GitLab open API viewer. The XSS exists due to the old version of DOMPurify used in swagger-ui that allows an attacker to inject any HTML elements with any attributes except script tag on the page. The XSS in POC requires 1 click anywhere on...
CVE-2020-35904
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...
DEBIAN-CVE-2020-35904
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...
Authentication flaw
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...
CVE-2020-35904
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...
UBUNTU-CVE-2020-35904
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...
CVE-2020-35904
CVE-2020-35904 affects the Rust crate crossbeam-channel prior to version 0.4.4. The issue is an incorrect assumption about the relationship between memory allocation and the number of elements produced by an iterator, leading to unsound behavior when the Vec is reconstructed from a raw pointer ba...