737 matches found
FreeBSD Denial of Service Vulnerability (CNVD-2020-38783)
FreeBSD is a set of Unix-like free operating systems in the FreeBSD project, headed by the Core Team team, and is an important branch of Unix-like systems that have evolved through BSD, 386BSD, and 4.4BSD. A security vulnerability exists in FreeBSD that stems from the ELF packet header parser not...
idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-19090)
idreamsoft iCMS is an open source content management system CMS based on PHP and MySQL. A cross-site request forgery vulnerability exists in the admincp.php file in version 7.0.11 of idreamsoft iCMS. The vulnerability stems from the detection of CSRFTOKEN when it does not exist, and the program...
Denial of Service Vulnerability in FXOS Software and NX-OS Software Fabric Services Component for Multiple Cisco Products
Cisco Firepower 4100 Series Next-Generation Firewalls are all products of Cisco Corporation.Cisco Firepower 4100 Series Next-Generation Firewalls is a 4100 series firewall device. Cisco Firepower 4100 Series Next-Generation Firewalls are 4100 series firewalls.MDS 9000 Series Multilayer Switches a...
Cisco FXOS and NX-OS CFS Arbitrary Code Execution Vulnerability (CNVD-2018-11965)
Cisco Firepower 4100 Series Next-Generation Firewalls are all products of Cisco Corporation.Cisco Firepower 4100 Series Next-Generation Firewalls is a 4100 series firewall device. Cisco Firepower 4100 Series Next-Generation Firewalls are 4100 series firewalls.MDS 9000 Series Multilayer Switches a...
CVE-2018-0312
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service DoS condition on an affected device. The vulnerability exists because the affected software...
CVE-2018-8244
An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook...
Microsoft Outlook elevation of privilege vulnerability (CNVD-2018-13288)
Microsoft Outlook is an e-mail client software bundled with the Office suite from Microsoft USA. The software manages e-mail, contacts, calendars, and more. An elevation of privilege vulnerability exists in Microsoft Outlook that originates from the program failing to properly validate attachment...
UBUNTU-CVE-2016-10721
partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected application...
Design/Logic Flaw
In the uncurlwsaccept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation accepting an arbitrary substring match for WebSocket API requests allows remote attackers to bypass intended access restrictions. In Parsec, this means full...
CVE-2018-6651
CVE-2018-6651 affects uncurl (uncurl.c) in uncurl before 0.07, as used in Parsec before 140-3. The issue is insufficient Origin header validation for WebSocket API requests (accepting an arbitrary substring match), which enables remote attackers to bypass access restrictions and, in Parsec, could...
Android Qualcomm Linux boot information disclosure vulnerability (CNVD-2017-34672)
Android on Google Pixel and Nexus is an open source Linux-based operating system for the Google Pixel and Nexus smartphones developed by Google Inc. and the Open Handheld Alliance OHA.Qualcomm Linux boot is one of the Linux boot programs. Qualcomm Linux boot is one of the Linux boot programs. An...
Debian DSA-3991-1 : qemu - security update
Multiple vulnerabilities were found in qemu, a fast processor emulator : - CVE-2017-9375 Denial of service via memory leak in USB XHCI emulation. - CVE-2017-12809 Denial of service in the CDROM device drive emulation. - CVE-2017-13672 Denial of service in VGA display emulation. - CVE-2017-13711...
CVE-2017-6613
A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service DoS condition on the affected system. The vulnerability is due to...
GNU Binutils Binary File Descriptor Remote Denial of Service Vulnerability
GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives.The Binary File Descriptor BFD library a.k.a...
Legal Robot: Cross Site WebSocket Hijacking
Description: The given URL fails to validate Origin header- leading to Cross-Site WebSocket Hijacking. Impact: The impact, however, depends on how the server is configured. For example, it might require an authentication token which are user specific. In such cases, it might not be as sever as it...
CVE-2016-9686
The Puppet Communications Protocol PCP Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2...
DEBIAN-CVE-2016-9014
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWEDHOSTS...
RubyGems: Host header Injection rubygems.org
Hi, As you are interested in any bug in rubygems.org, I thought of reporting it. The host header is not validated on rubygems.org. In many cases, developers are trusting the HTTP Host header value and using it to generate links, import scripts and even generate password resets links with its valu...
Cisco Firepower Management Center and FireSIGHT System Software Security Bypass Vulnerability
Cisco Firepower Management Center and FireSIGHT System Software are management center software from Cisco in the United States. Cisco Firepower Management Center and FireSIGHT System Software fail to properly validate fields in HTTP headers, allowing remote attackers to exploit vulnerabilities to...
IBM Connections Host Header Injection Vulnerability
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A host header injectio...