The vulnerability of Adobe Experience Manager's content and media management system, related to the lack of sanitization of incoming data, allows an attacker to gain unauthorized access to protected information.
The vulnerability of the Adobe Experience Manager content and media management system is related to the lack of sanitization of incoming data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55882)
NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software. A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...
NCH Quorum Cross-Site Scripting Vulnerability
NCH Quorum is a teleconference server software. It can turn any computer into a conference call server. A cross-site scripting vulnerability exists in NCH Quorum, which stems from the product's /conferencebrowseuploadfile?confid= failure to properly handle user input data and can be exploited to...
NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55888)
NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software. A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...
NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55917)
NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software. A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...
NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55883)
NCH Axon PBX is a set of virtual telephone switch software used in a business environment. A cross-site scripting vulnerability exists in NCH Axon PBX, which stems from the fact that the product's customer name does not properly filter special characters in the input data and can be exploited to...
The vulnerability of libexif, a library for parsing EXIF files, related to an integer overflow, allows attackers to access confidential information or cause service failures.
The vulnerability of the libexif library for parsing EXIF files is related to an integer overflow in the input data of the MNOTE input file. Exploiting this vulnerability can allow an attacker to gain access to confidential information or cause service failures...
Injection Vulnerability
Thunderbird is vulnerable to an injection vulnerability. The vulnerability exists due to the lack of sanitization of input data prior to the completion of the STARTTLS handshake...
The vulnerability of the Ceph storage system, related to insufficient validation of input data, allows attackers to compromise the integrity of the data.
The vulnerability of the Ceph storage system is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to compromise the integrity of the data...
Aruba ClearPass Policy Manager Command Injection Vulnerability (CNVD-2021-50186)
Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a wireless network security access management system. Aruba ClearPass Policy Manager suffers from a command injection vulnerability that originates from the product not performing security checks on user input data, which...
QSAN XEVO Path Traversal Vulnerability
QSAN XEVO is a flash data management system from QSAN China. It reduces repetitive tasks and provides complete data analysis. A path traversal vulnerability exists in QSAN XEVO, which stems from a failure of the product's back-end analysis function to filter input data for special characters. The...
Huawei Emui and Magic UI DoS Vulnerability (CNVD-2021-93836)
Huawei Emui is a mobile operating system based on Android, and Magic UI is a mobile operating system based on Android. A security vulnerability exists in Huawei Emui and Magic UI, which stems from a failure to properly validate input data. An attacker could exploit the vulnerability to cause a...
The vulnerability of the software platform for developing and managing online stores Magento Commerce arises from insufficient validation of input data. This allows attackers to access confidential information.
The vulnerability of the Magento Commerce software platform for developing and managing online stores exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential information...
The vulnerability of the xen-netback component in the Linux operating system allows a hacker to increase their privileges or expose sensitive information.
The vulnerability of the xen-netback component in the Linux operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to increase their privileges or disclose sensitive information...
PT-2021-19986 · Open Design Alliance · Oda Drawing Sdk
Name of the Vulnerable Software and Affected Versions: Open Design Alliance ODA Drawing SDK versions prior to 2022.5 Description: The issue is related to an out-of-bounds read in the DWG file-recovering procedure due to the lack of proper validation of user-supplied data. This can cause a read pa...
The vulnerability of Microsoft Windows Defender operating system allows a hacker to trigger a service failure.
The vulnerability of Microsoft Windows Defender operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause service failures...
CVE-2021-22759
A CWE-416: Use after free vulnerability exists in IGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition...
CVE-2021-22757
A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition Def.exe V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition...
Design/Logic Flaw
A CWE-416: Use after free vulnerability exists in IGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition...
Remote code execution
A CWE-763: Release of invalid pointer or reference vulnerability exists in IGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition...