356 matches found
Google Android Media Framework Denial of Service Vulnerability (CNVD-2019-40855)
Android is a Linux-based open source operating system from Google and the Open Handset Alliance OHA in the U.S. Media Framework is one of the multimedia development frameworks. A denial of service vulnerability exists in Media framework in Android. An attacker can exploit this vulnerability to...
Django input validation error vulnerability (CNVD-2019-35879)
Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes object-oriented mapper , view system , template system and so on. An input validation error vulnerability exists in Django. An attacker can exploit this vulnerabili...
The vulnerability of the Microsoft Common Object Runtime Library on the Microsoft .NET Framework software platform allows a perpetrator to cause a service failure.
The vulnerability of the Microsoft Common Object Runtime Library in the Microsoft .NET Framework is related to errors in handling web requests. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted requests...
The vulnerability of the ASP.NET Core software platform, related to errors in request processing, allows a hacker to cause a service failure.
The vulnerability of the ASP.NET Core software platform is related to errors in request processing. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending specially crafted requests to the ASP.NET Core application...
dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980...
Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability
Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-15756 DESCRIPTION: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header...
5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2019-11002 via materialize-css (>=0.100.2 <=1.0.0)
materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2019-11002 Source advisory: OSV:GHSA-98F7-P5RC-JX67...
F5 Networks BIG-IP : REST Framework vulnerability (K11818407)
The Configuration utility login page may not follow best security practices when handling a malicious request. CVE-2019-6602 Impact BIG-IP The Configuration utility login page returns an inconsistent HTTP response when processing modified requests; this may provide clues to an attacker looking to...
The vulnerability of the search function in the Microsoft .NET Framework allows a perpetrator to access confidential information.
The vulnerability of the search function in the Microsoft .NET Framework lies in the lack of authentication for the HTTP requests that are executed. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential information through a specially crafte...
The vulnerability of the Web framework component of the Cisco IOS XE operating system allows a hacker to trigger a service failure.
The vulnerability of the Web framework component of the Cisco IOS XE operating system arises due to errors in parsing HTTP packets. Exploiting this vulnerability can allow a malicious actor to cause service failures using a specially crafted HTTP packet...
Microsoft .NET Framework Remote Code Execution Vulnerability (CNVD-2018-15850)
Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation USA and a development platform for building Windows, Windows Store, Windows Phone, Windows Server and Microsoft Azure Windows Store, Windows Phone, Windows Server, and Microsoft Azure...
Cross site scripting
A vulnerability in the web framework of the Cisco Unified Communications Manager Unified CM software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient...
Cross site scripting
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters...
Directory traversal
picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16194
picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
Cisco Unified Communications Manager Information Disclosure Vulnerability
Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. An information disclosure...
PYSEC-2017-40
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring...
DEBIAN-CVE-2017-14767
The sdpparsefmtpconfigh264 function in libavformat/rtpdech264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service heap buffer overflow or possibly have unspecified other impact via a crafted sdp file...
PT-2017-12423 · Cisco · Cisco Unified Intelligence Center
Name of the Vulnerable Software and Affected Versions: Cisco Unified Intelligence Center Software affected versions not specified Description: A vulnerability in the web framework code could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of t...
CVE-2017-0720
A remote code execution vulnerability in the Android media framework libhevc. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37430213...