864 matches found
CVE-2020-11999
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 an...
CVE-2020-11999
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 an...
CVE-2020-7350 Metasploit Framework Plugin Libnotify Command Injection
Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to b...
CVE-2018-20843
It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service...
CVE-2017-5651
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...
PT-2020-1313 · Microsoft · Update Notification Manager +1
Name of the Vulnerable Software and Affected Versions: Microsoft Update Notification Manager affected versions not specified Description: An elevation of privilege issue exists in the way the Update Notification Manager handles files. To exploit this issue, an attacker would first have to gain...
Drupal 8.8.x < 8.8.1 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - The Drupal project uses the third-party library ArchiveTar, which has released a security update that impacts some Drupal configurations. Multiple vulnerabilities are possibl...
Memory corruption
A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution...
CVE-2019-8800
A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution...
Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012
The Drupal project uses the third-party library ArchiveTar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The lates...
The vulnerability of the implementation of the .NPK-file processing mechanism in the RouterOS operating system of MikroTik allows a hacker to create arbitrary directories and execute arbitrary shell commands.
The vulnerability of the RouterOS operating system’s .NPK-file processing mechanism in MikroTik routers involves bypassing the relative path. Exploiting this vulnerability allows a malicious actor to create arbitrary directories and execute arbitrary shell commands using the malicious update...
CVE-2019-13541
In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code...
The vulnerability of Microsoft Windows Defender arises from file processing errors, allowing attackers to trigger a service failure.
The vulnerability of Microsoft Windows Defender arises due to file processing errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the JSON Viewer browser extension, which allows attackers to perform cross-site scripting attacks.
The vulnerability of the JSON Viewer browser extension arises from errors in file processing. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
PYSEC-2019-40
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image...
MGASA-2019-0222 Updated elfutils packages fix security vulnerabilities
It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service CVE-2017-7607, CVE-2017-7608, CVE-2017-7609,...
PT-2019-2900 · Icedtea +4 · Icedtea-Web +4
Name of the Vulnerable Software and Affected Versions: IcedTea-Web versions 1.7.2 and 1.8.2 Description: The issue is related to the improper sanitization of paths from jar/ elements in JNLP files. This could allow an attacker to trick a victim into running a specially crafted application,...
CVE-2019-1010228
OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress file dcrledec.h, line 122. The attack vector is: Many scenarios of DICOM file processing e.g. DICOM to image...
CVE-2019-1010228
OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress file dcrledec.h, line 122. The attack vector is: Many scenarios of DICOM file processing e.g. DICOM to image...
CVE-2019-1010228
OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress file dcrledec.h, line 122. The attack vector is: Many scenarios of DICOM file processing e.g. DICOM to image...