6734 matches found

Talos
added 2019/04/15 12:0 a.m., 75 views

Shimo VPN Helper Tool disconnectService denial-of-service vulnerability

Summary: An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system. An attacker would need local access to the machine for a successful exploit. Teste...

CVSS 7.1, AI score 6, EPSS 0.00376
Exploits: 1

Talos
added 2019/04/15 12:0 a.m., 105 views

Shimo VPN helper tool writeConfig privilege escalation vulnerability

Summary: An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An...

CVSS 9.3, AI score 8, EPSS 0.0068
Exploits: 1

OPENSUSE Linux
added 2019/04/12 12:0 a.m., 234 views

Security update for libarchive (moderate)

openSUSE Security Update: Security update for libarchive; Announcement ID: openSUSE-SU-2019:1196-1; Rating: moderate; References: 1120653 1120654 1120656 1120659 1124341 1124342; Cross-References: CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880 CVE-2019-1000019 CVE-2019-1000020...

CVSS 8.8, AI score 6.3, EPSS 0.04575
Exploits: 1, References: 6

BDU FSTEC
added 2019/04/12 12:0 a.m., 2 views

The vulnerability of Google Chrome browser, related to improper input data validation, allows a malicious actor to execute arbitrary JavaScript code.

The vulnerability of Google Chrome is related to errors in event handling by Apple. Exploiting this vulnerability can allow an attacker to execute JavaScript code...

CVSS 7.8, AI score 7.6, EPSS 0.00336
Exploits: 0, References: 3, Affected Software: 2

BDU FSTEC
added 2019/04/12 12:0 a.m., 3 views

The vulnerability of Google Chrome, related to improper input data validation, allows a hacker to execute arbitrary code.

The vulnerability of Google Chrome is related to an incorrect optimization assumption in the V8 module. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in an isolated software environment, using a specially created HTML page...

CVSS 8.8, AI score 8.5, EPSS 0.12879
Exploits: 0, References: 4, Affected Software: 2

CNVD
added 2019/04/10 12:0 a.m., 2 views

Azure DevOps Server and Team Foundation Server Cross-Site Scripting Vulnerability (CNVD-2019-09614)

Azure DevOps Server, formerly known as Team Foundation Server (TFS), is a locally hosted set of collaborative software development tools. Azure DevOps Server integrates with existing IDEs or editors to enable cross-functional teams to effectively handle projects of all sizes. Team Foundation Server i...

CVSS 6.1, AI score 6.2, EPSS 0.02387
Exploits: 0, References: 1

NVD
added 2019/04/04 3:29 p.m., 18 views

CVE-2018-11830

Improper input validation in QCPE create function may lead to integer overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 410/12, SD 820A...

CVSS 7.8, AI score 7.9, EPSS 0.00208
Exploits: 0, References: 1

Cvelist
added 2019/04/04 3:9 p.m., 23 views

CVE-2018-11830

Improper input validation in QCPE create function may lead to integer overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 410/12, SD 820A...

AI score 7.9, EPSS 0.00208
Exploits: 0, References: 1

ICS
added 2019/04/04 12:0 a.m., 73 views

Rockwell Automation Stratix 5950

1. EXECUTIVE SUMMARY: CVSS v3 8.6; ATTENTION: Exploitable remotely/low skill level to exploit; Vendor: Rockwell Automation; Equipment: Stratix 5950; Vulnerability: Improper Input Validation. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow a remote attacker to cause an...

CVSS 8.6, AI score 8.6, EPSS 0.16221
Exploits: 0, References: 5

NVD
added 2019/04/03 6:29 p.m., 22 views

CVE-2018-4434

An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2...

CVSS 7.1, AI score 6.2, EPSS 0.00309
Exploits: 0, References: 1

GithubExploit
added 2019/04/03 6:34 a.m., 3 views

Exploit for Improper Input Validation in Python Python-Gnupg

Summary: It is a simple PoC of Improper Input Validation in py...

CVSS 7.5, AI score 7.3, EPSS 0.08548
Exploits: 2

OSV
added 2019/04/02 3:36 p.m., 17 views

GHSA-Q2XP-75M7-GV52 Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction

Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL...

CVSS 9.8, AI score 9.3, EPSS 0.02226
Exploits: 0, References: 3

Github Security Blog
added 2019/03/25 4:17 p.m., 45 views

Improper Input Validation python-gnupg

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

CVSS 7.5, AI score 4.5, EPSS 0.08548
Exploits: 2, References: 15, Affected Software: 1

OSV
added 2019/03/25 4:17 p.m., 0 views

GHSA-2FCH-JVG5-CRF6 Improper Input Validation python-gnupg

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

CVSS 7.5, AI score 7.1, EPSS 0.08548
Exploits: 2, References: 15

Tenable Nessus
added 2019/03/22 12:0 a.m., 110 views

Atlassian Confluence < 6.6.12 / 6.7.x < 6.12.3 / 6.13.x < 6.13.3 / 6.14.x < 6.14.2 Multiple Vulnerabilities

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.6.12, 6.7.x prior to 6.12.3, 6.13.x prior to 6.13.3, or 6.14.x prior to 6.14.2. It is, therefore, affected by the following vulnerabilities : - A server-side request forger...

CVSS 10, AI score 9.2, EPSS 0.99913
Exploits: 20, References: 3

OSV
added 2019/03/21 4:1 p.m., 6 views

CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

CVSS 7.5, AI score 7.4, EPSS 0.08548
Exploits: 2, References: 13

Prion
added 2019/03/21 4:1 p.m., 15 views

Input validation

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

CVSS 5, AI score 7.3, EPSS 0.08548
Exploits: 2, References: 13, Affected Software: 4

PyPA
added 2019/03/21 4:1 p.m., 4 views

PYSEC-2019-115

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

CVSS 7.5, AI score 6.9, EPSS 0.08548
Exploits: 2, References: 14, Affected Software: 1

OSV
added 2019/03/21 4:1 p.m., 3 views

PYSEC-2019-115

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

CVSS 7.5, AI score 7.1, EPSS 0.08548
Exploits: 2, References: 14

OSV
added 2019/03/21 4:0 p.m., 3 views

CVE-2018-20162

Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root...

CVSS 9.9, AI score 6, EPSS 0.04161
Exploits: 3, References: 3