ICSA-18-107-03_Rockwell Automation Stratix Services Router

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Rockwell Automation Equipment : Allen-Bradley Stratix 5900 Services Router Vulnerabilities : Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer,...

Exploit for Improper Input Validation in Drupal

It is an offensive tool for Drupal. This repository contains a p...

CVE-2017-13252

The CVE (CVE-2017-13252) affects Android 8.0 and 8.1 via CryptoHal::decrypt in CryptoHal.cpp, where improper input validation causes an out-of-bounds write and a read from uninitialized memory. This yields local elevation of privilege with no extra execution privileges required, and exploitation ...

Input validation

In configsetstring of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android...

CVE-2017-13284

In configsetstring of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android...

CVE-2017-16772

Synology Photo Station (before versions 6.8.3-3463 and 6.3-2971) contains an input validation vulnerability in the SYNOPHOTO_Flickr_MultiUpload component. This flaw allows remote authenticated users to execute arbitrary code via the prog_id parameter. Root cause: improper input validation within ...

Sanitize vulnerable to Improper Input Validation and Cross-site Scripting

When Sanitize = 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements. This can allow HTML and JavaScript injection, which could result in XSS if Sanitize's output is served to...

GHSA-7F42-P84J-F58P Sanitize vulnerable to Improper Input Validation and Cross-site Scripting

When Sanitize = 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements. This can allow HTML and JavaScript injection, which could result in XSS if Sanitize's output is served to...

Siemens SIMATIC, SINUMERIK, and PROFINET IO (Update D)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Out-of-bounds

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msmflashsubdevdoioctl of drivers/media/platform/msm/camerav2/sensor/flash/msmflash.c, there is a possible out of bounds read if flashdata.cfgtype is CFGFLASHINIT due to improper inpu...

CVE-2017-15814

The connected CNVD-2018-06014 entry describes an information-disclosure vulnerability in Google's Android Qualcomm Camera_v2 driver, caused by insufficient input validation in the driver. The issue is tied to the Camera_v2 components on Android devices using Qualcomm hardware and enables local in...

CVE-2017-18064

CVE-2017-18064 affects Android for MSM, Firefox OS for MSM, and CAF Android builds that use the Linux kernel. The issue is caused by improper input validation for p2p_noa_info in wma_send_bcn_buf_ll() which is obtained from firmware, leading to a potential buffer overflow. The vulnerability is as...

CVE-2018-7531

An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server...

CVE-2018-7531

An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server...

CVE-2018-7531

CVE-2018-7531 affects the OSIsoft PI Data Archive (versions 2017 and earlier). The issue is an improper input validation allowing unauthenticated attackers to send unvalidated custom requests that crash the PI Data Archive server, impacting availability (CWE-20). The NVD entry provides a CVSS v3 ...

CVE-2018-7531

An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server...

OSIsoft PI Data Archive

CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: OSIsoft Equipment: PI Data Archive Vulnerabilities: Deserialization of Untrusted Data, Improper Input Validation, Incorrect Default Permissions AFFECTED PRODUCTS The following versions of PI Data Archive, a data stora...

CVE-2016-8612

Apache HTTP Server modcluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process...

Eaton ELCSoft

CVSS v3 6.3 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Eaton Equipment: ELCSoft Vulnerability: Improper Input Validation AFFECTED PRODUCTS ELCSoft is programming software for all Eaton ELC programmable logic controllers. The ELC programmable logic controllers are not...

Jenkins < 2.107 and < 2.89.4 LTS Multiple Vulnerabilities - Windows

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...