16 matches found

RedhatCVE
added 2023/08/29 6:45 a.m., 42 views

CVE-2023-2906

A vulnerability was found in Wireshark. This security issue occurs due to a failure to validate the length an attacker-crafted CP2179 packet provides. This flaw leaves Wireshark susceptible to a divide-by-zero problem, allowing a denial of service attack. Mitigation Mitigation for this issue is...

CVSS 6.5, AI score 6.5, EPSS 0.02771
Exploits 1, References 4
NVD
added 2023/01/11 8:15 a.m., 17 views

CVE-2022-23814

Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment...

CVSS 5.3, AI score 5.4, EPSS 0.00475
Exploits 0, References 1
CNVD
added 2022/10/10 12:0 a.m., 23 views

Rockwell Automation Factory Talk VantagePoint SQL Injection Vulnerability

Rockwell Automation Factory Talk VantagePoint is an advanced industrial application ecosystem from Rockwell Automation, Inc. The SQL injection vulnerability in Rockwell Automation Factory Talk VantagePoint stems from a failure to properly validate SQL statements entered by users when retrieving...

CVSS 8.8, AI score 2.9, EPSS 0.03161
Exploits 0, References 1
OSV
added 2022/05/17 7:57 p.m., 16 views

GHSA-5R7W-PJX8-99QG JBoss KeyCloak Open Redirect

JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL...

CVSS 6.1, AI score 6.2, EPSS 0.00663
Exploits 0, References 5
CVE
added 2021/11/16 5:52 p.m., 47 views

CVE-2021-26326

CVE-2021-26326 describes a failure to validate VM_HSAVE_PA during SNP_INIT that can compromise memory integrity on AMD platforms. Public details in connected sources indicate the vulnerability affects AMD 3rd Gen EPYC processors (Milan) per the AMD Server Vulnerabilities bulletin AMD-SB-1021, wit...

CVSS 7.8, AI score 7.5, EPSS 0.00253
Exploits 0, References 1, Affected Software 1
CNVD
added 2021/08/31 12:0 a.m., 19 views

ZOHO ManageEngine Log360 Cross-Site Scripting Vulnerability

ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. A cross-site scripting vulnerability exists in ZOHO ManageEngine Log360, which stems from the product's failure to validate user data. An attacker could execute client-side...

CVSS 6.1, AI score 3, EPSS 0.00821
Exploits 0, References 1
CNVD
added 2021/08/12 12:0 a.m., 19 views

Foxit Reader and Foxit PhantomPDF Arbitrary File Write Vulnerability

Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. An arbitrary file write vulnerability exists in Foxit Reader versions prior to 10.1.4 and PhantomPDF versions prior to 10.1.4, which stems from a failure to validate the CombineFiles pathname and can be...

CVSS 9.8, AI score 7.1, EPSS 0.01117
Exploits 0, References 1
CVE
added 2019/12/15 9:16 p.m., 112 views

CVE-2014-3652

CVE-2014-3652 corresponds to an open redirect vulnerability in Red Hat Keycloak (JBoss KeyCloak) caused by failure to validate the redirect URL. Affected product is Red Hat Keycloak; the vulnerability type is an open redirect. The connected documents do not provide explicit details on versions, p...

CVSS 6.1, AI score 6.2, EPSS 0.00663
Exploits 0, References 2, Affected Software 1
Zero Day Initiative
added 2016/08/29 12:0 a.m., 35 views

Apple OS X IOHDIXController Untrusted Pointer Dereference Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOHDIXController interface. The issue lies...

CVSS 6.9, AI score 3.4, EPSS 0.01611
Exploits 0, References 1
Zero Day Initiative
added 2016/05/19 12:0 a.m., 25 views

Apple OS X IOAudioFamily Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the IOAudioFamily kern...

CVSS 6.9, AI score 4.3, EPSS 0.02216
Exploits 0, References 1
Cisco
added 2016/05/10 9:30 a.m., 61 views

Cisco Cloud Network Automation Provisioner SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Cloud Network Automation Provisioner (CNAP) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input in SQL...

CVSS 5.5, AI score 7.1, EPSS 0.00861
Exploits 0, References 1
Zero Day Initiative
added 2016/03/22 12:0 a.m., 26 views

Apple OS X IOGraphicsFamily Untrusted Pointer Dereference Privilege Escalation Vulnerability

This vulnerability allows local attackers to elevate privileges on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOGraphicsFamily interface. The issue lies failu...

CVSS 6.9, AI score 3.8, EPSS 0.01656
Exploits 0, References 1
Zero Day Initiative
added 2014/07/09 12:0 a.m., 27 views

(0Day) Embarcadero ER/Studio Data Architect TSVisualization ActiveX loadExtensionFactory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Embarcadero ER/Studio Data Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 7.5, AI score 6.7, EPSS 0.02676
Exploits 0, References 1
seebug.org
added 2014/07/01 12:0 a.m., 15 views

Inktomi Search Software 3.0 Source Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2061/info A vulnerability exists in version 3.0 of Ultraseek server, aka Inktomi Search. Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form:...

AI score 7.1
Exploits 0
exploitpack
added 2005/04/07 12:0 a.m., 9 views

Linksys WET11 - Password Update Remote Authentication Bypass

Linksys WET11 - Password Update Remote Authentication Bypass source: https://www.securityfocus.com/bid/13051/info A remote authentication bypass vulnerability affects Linksys WET11. This issue is due to a failure of the application to validate authentication credentials when processing password...

AI score 0.3
Exploits 0
Exploit DB
added 2005/04/07 12:0 a.m., 25 views

Linksys WET11 - Password Update Remote Authentication Bypass

source: https://www.securityfocus.com/bid/13051/info A remote authentication bypass vulnerability affects Linksys WET11. This issue is due to a failure of the application to validate authentication credentials when processing password change requests. An attacker may leverage this issue to...

AI score 7.4
Exploits 0