GHSA-JXX8-V83V-RHW3 Spree Improper Input Validation vulnerability

Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the 1 paymentmethod parameter to core/app/controllers/spree/admin/paymentmethodscontroller.rb; and the 2 promotionaction parameter to...

GHSA-4936-RJ25-6WM6 nori contains Improper Input Validation

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involving...

GHSA-X457-CW4H-HQ5F JSON gem has Improper Input Validation vulnerability

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

WEBrick Improper Input Validation vulnerability

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...

Trend Micro OfficeScan cgiShowClientAdm Remote Memory Corruption

The version of Trend Micro OfficeScan running on the remote host is 11.x prior to 11.0 SP1 CP 6426, or 12.x prior to 12.0 CP 1708. It is, therefore, affected by a remote memory corruption flaw in cgiShowClientAdm.exe due to improper input validation. An unauthenticated remote attacker can corrupt...

ICSA-17-306-01 Siemens SIMATIC PCS 7 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS 7 Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-306-01 Siemens SIMATIC...

FreeBSD : libtiff -- Improper Input Validation (9b5a905f-e556-452f-a00c-8f070a086181)

libtiff developers report : There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd in LibTIFF 4.0.8, related to tifdirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. There is a reachable assertion abort in the function...

CVE-2017-7924

An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands PCCC packet to the...

CVE-2017-7924

CVE-2017-7924 concerns Rockwell Automation’s MicroLogix 1100 controllers (1763-L16BWA, 1763-L16AWA, 1763-L16BBB, 1763-L16DWD). The issue is an improper input validation that could be exploited by a remote, unauthenticated attacker sending a single crafted PCCC packet, potentially causing a Denial...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation. In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired function in Splash.cc via a crafted PDF document. Remediation There is no fixed version for poppler. References -...

Cisco ASR 5500 System Architecture Evolution Gateway GPRS Tunneling Protocol Denial of Service Vulnerability

A vulnerability in the General Packet Radio Service GPRS Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution SAE Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service DoS condition on an affected device. The vulnerabili...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation. The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service stack consumption and segmentation fault or possibly have unspecified...

ICSMA-17-227-01_BMC Medical and 3B Medical Luna CPAP Machine

OVERVIEW MedSec has identified an improper input validation vulnerability in BMC Medical’s and 3B Medical’s Luna continuous positive airway pressure CPAP therapy machine. For devices released after July 1, 2017, this vulnerability has been addressed. For devices released prior to July 1, 2017, BM...

CVE-2017-9934

Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability...

Siemens SIPROTEC 4 and SIPROTEC Compact (Update C)

CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...

Cisco Email Security Appliance Attachment Filter Bypass Vulnerability

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured filters on the device. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update J)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update K)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerabilities: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated...

ICSA-17-129-01 Siemens devices using the PROFINET Discovery and Configuration Protocol (Update K)

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation. The parsecharclass function in regparse.c in the Onigmo aka Oniguruma-mod regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service deep recursion and application...