6734 matches found
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation. tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. Remediation: There is no fixed version for tinyexr. References: GitHub Issue...
Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLogix (Update A)
1. EXECUTIVE SUMMARY: CVSS v3 8.6. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Rockwell Automation. Equipment: Allen-Bradley CompactLogix and Compact GuardLogix. Vulnerability: Improper Input Validation. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the original...
CVE-2018-9029
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks...
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation. tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h. Remediation: There is no fixed version for tinyexr. References: Github.com, GitHub Issue...
CVE-2018-3582
Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF Android for MSM, Firefox OS for MSM, QRD Android using the Linux Kernel...
CVE-2018-1070
routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard...
Schneider Electric U.motion Builder
1. EXECUTIVE SUMMARY: CVSS v3 10.0. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Schneider Electric. Equipment: U.motion Builder. Vulnerabilities: Command Injection, Cross-site Scripting, and Improper Input Validation. 2. RISK EVALUATION: Successful exploitation of these...
Exploit for Improper Input Validation in Flexense Syncbreeze
Flexense HTTP Server Server-Enable web server on port. Module...
GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi
1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: GE. Equipment: PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi. Vulnerability: Improper Input Validation. 2. RISK EVALUATION: Successful exploitation of this...
Siemens SIMATIC S7-400 CPU (Update A)
1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SINAMIC S7-400 CPU. Vulnerability: Improper Input Validation. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the original advisory titled ICSA-18-137-03 Siemens...
CVE-2018-1000168
nghttp2 version = 1.10.0 and nghttp2 = 1.31.1...
Siemens Medium Voltage SINAMICS Products (Update A)
1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: Medium Voltage SINAMICS Products. Vulnerabilities: Improper Input Validation. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the original advisory titled...
Foxit Reader addLink Remote Code Execution Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the addLink method that can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of user-supplied data...
ALPINE-CVE-2016-9587
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute...
UBUNTU-CVE-2016-9587
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute...
CVE-2016-9587
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute...
Debian DLA-1358-1 : ruby1.9.1 security update
Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2017-17742 Aaron Patterson reported that WEBrick bundled with Ruby was vulnerable to an HTTP response splitting vulnerability. It wa...
CVE-2016-10436
In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD...