124 matches found

BDU FSTEC
added 2020/03/12 12:0 a.m. | 1 views

The vulnerability of the software update function of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows an attacker to load any file onto a vulnerable device.

The vulnerability of the software update function of Cisco Enterprise NFV Infrastructure Software (NFVIS) is related to errors during file signature verification. Exploiting this vulnerability could allow an attacker to load any desired file onto a vulnerable device...

CVSS 6.8 | AI score 6.6 | EPSS 0.00207
Exploits: 0 | References: 3 | Affected Software: 1
Debian CVE
added 2020/01/22 12:0 a.m. | 19 views

CVE-2019-20392

An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash...

CVSS 6.5 | AI score 6.6 | EPSS 0.01859
Exploits: 1
CNVD
added 2019/03/01 12:0 a.m. | 1 views

Arbitrary File Read Vulnerability in Isthmus Electronic Document Security Management System

The Electronic Document Security Management System (abbreviated CDG) is electronic document security protection software. An arbitrary file read vulnerability exists in the IZP Electronic Document Security Management System. The download function somewhere in Yisetong Electronic Document Security...

AI score 7
Exploits: 0
BDU FSTEC
added 2019/02/12 12:0 a.m. | 2 views

The vulnerability of the bfd_get_debug_link_info_1 function in the GNU Binutils development environment allows an attacker to trigger a service failure.

The vulnerability of the bfd_get_debug_link_info_1 function in the GNU Binutils development toolset is related to the lack of checks for the result of the strnlen function. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 5.5 | AI score 6.7 | EPSS 0.02131
Exploits: 0 | References: 6
OpenVAS
added 2018/02/22 12:0 a.m. | 37 views

Drupal Core Multiple Vulnerabilities (SA-CORE-2018-001) - Linux

Drupal is prone to multiple vulnerabilities. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 8.1 | AI score 6.6 | EPSS 0.01705
Exploits: 1 | References: 1
Veracode
added 2016/12/30 5:55 a.m. | 13 views

XML Signature Wrapping Attack

pyxmlsecurity is vulnerable to XML signature wrapping attacks. A flaw in the verify function allows attackers to modify the message by injecting forged elements which do not invalidate the XML Signature...

AI score 6.6
Exploits: 0
BDU FSTEC
added 2016/11/03 12:0 a.m. | 4 views

The vulnerability of the Perl interpreter, allowing attackers to inject arbitrary code

The vulnerability of the lc, lcfirst, uc, and ucfirst functions in the Perl interpreter is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to bypass security mechanisms and inject arbitrary code due to errors related to the improper use of the taint...

CVSS 5 | AI score 5.7 | EPSS 0.08712
Exploits: 1 | References: 16 | Affected Software: 1
OSV
added 2016/08/18 6:28 p.m. | 0 views

USN-3064-1 gnupg vulnerability

Felix Dörre and Vladimir Klebanov discovered that GnuPG incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output...

CVSS 5.3 | AI score 6.3 | EPSS 0.03529
Exploits: 0 | References: 2
BDU FSTEC
added 2016/07/07 12:0 a.m. | 2 views

The vulnerability of the PHP interpreter, which allows a remote attacker to create a file with an incorrect name

A vulnerability in the PHP interpreter's move_uploaded_file function exists due to the truncation of the path when the character \x00 is present. As a result of exploiting this vulnerability, a malicious actor can create a file with an incorrect name, circumventing the restrictions imposed on the...

CVSS 5 | AI score 6.7 | EPSS 0.08653
Exploits: 2 | References: 3 | Affected Software: 1
BDU FSTEC
added 2016/05/20 12:0 a.m. | 3 views

The vulnerability of the Android operating system, which allows a hacker to replace the authentication message

The vulnerability of the OpenSSL Cipher.java function in the Conscrypt component of the Android operating system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to substitute the authentication message remotely...

CVSS 7.6 | AI score 7.1 | EPSS 0.00455
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2016/02/12 12:0 a.m. | 4 views

The vulnerability of the PHP interpreter allows attackers to execute arbitrary code.

The vulnerability of the php_str_replace_in_subject function in ext/standard/string.c in the PHP interpreter is related to errors in the code. Exploiting this vulnerability allows an attacker to execute arbitrary code by entering special parameters remotely...

CVSS 7.5 | AI score 7.7 | EPSS 0.03861
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2015/07/01 2:59 p.m. | 0 views

UBUNTU-CVE-2015-2141

The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack...

CVSS 5 | AI score 7.1 | EPSS 0.02879
Exploits: 0 | References: 4
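seebug.org
added 2015/03/06 12:0 a.m. | 43 views

Discuz X3.2 multiple reflected XSS vulnerabilities (caused by a function flaw)

Brief description: XSS caused by a flaw in a certain function. Details: member.php?mod=logging&action=login&referer=javascript://www.discuz.net/ Welcome back, Newbie xx. You will now be redirected to the page you were on before logging in setTimeout"window.location.href ='javascript://www.discuz.net/';", 2000;setTimeout"window.location.href ='javascript://www.discuz.net/';", 2000; If your browser does not redirect automatically, please click this link...

AI score 7.1
Exploits: 0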
RedHat Linux
added 2014/12/18 8:31 p.m. | 58 views

Moderate: Red Hat Security Advisory: glibc security and bug fix update

Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

CVSS 4.6 | AI score 7.3 | EPSS 0.00578
Exploits: 0 | References: 3
Ubuntu
added 2013/04/08 11:43 p.m. | 94 views

USN-1796-1: Linux kernel vulnerabilities

Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualization. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. (CVE-2013-0228) Emese Revfy discovered...

CVSS 6.2 | AI score 6.3 | EPSS 0.005
Exploits: 4
RedHat Linux
added 2012/03/15 4:30 p.m. | 50 views

Moderate: Red Hat Security Advisory: glibc security and bug fix update

Updated glibc packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 6.8 | AI score 7.6 | EPSS 0.02717
Exploits: 5 | References: 4
ThreatPost
added 2010/10/07 7:23 p.m. | 9 views

FTP Flaw Could Disable Wide Range of Servers

An easily exploitable flaw exists that could enable an anonymous hacker to cause a denial of service on many common FTP server platforms, including some public FTP servers run by software giants Adobe and HP, according to a report published by...

AI score 2.2
Exploits: 0 | References: 3
OpenVAS
added 2009/06/16 12:0 a.m. | 23 views

StoneTrip Ston3D Standalone Player Code Execution Vulnerability (Linux)

This host is installed with StoneTrip Ston3D Standalone Player and is prone to a code execution vulnerability. OpenVAS Vulnerability Test $Id: gbston3dprdtscodeexecvulnlin.nasl 4869 2016-12-29 11:01:45Z teissa $ StoneTrip Ston3D Standalone Player Code Execution Vulnerability (Linux) Authors: Nikita M...

CVSS 9.3 | AI score 0.3 | EPSS 0.03541
Exploits: 0 | References: 2
OSV
added 2006/11/24 6:7 p.m. | 8 views

CVE-2006-6097

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in...

AI score 6.3
Exploits: 0 | References: 43
RedHat Linux
added 2005/01/19 6:46 p.m. | 82 views

Important: Red Hat Security Advisory: php security update

Updated php packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A double-free bug was found in the deserialization code of PHP. PHP applications use the unserialize...

CVSS 10 | AI score 7 | EPSS 0.1616
Exploits: 0 | References: 3