Stored XSS vulnerability in Jenkins brakeman Plugin

brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability. This vulnerability can be exploited by users able to control the Brakeman post-build step input data.\n\nbrakeman Plugin 0.13 escap...

GHSA-RJ7P-RFGP-852X Loop with Unreachable Exit Condition in Apache Thrift

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...

The vulnerability of TP-Link Tapo C200’s microprogrammed software lies in the lack of measures to clean incoming data inputs, allowing a intruder to gain full control over the device.

The vulnerability of TP-Link Tapo C200 IP camera’s microprogramming software is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a remote attacker to gain full control over the device...

The vulnerability of the Fax Service in Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Fax Service in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the LDAP service protocol implementation in Microsoft Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the LDAP service protocol implementation in Microsoft Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by transmitting specially crafted data...

The vulnerability in the web interface of Cisco Firepower Management Center’s software for network management allows a perpetrator to execute cross-site scripting (XSS) attacks.

The vulnerability in the web interface for managing Cisco Firepower Management Center FMC software involves a lack of measures to protect input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks remotely...

Microsoft Visual Studio Remote Code Execution Vulnerability (CNVD-2022-60134)

Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. A remote code execution vulnerability exists in Microsoft Visual Studio that originates when a...

Microsoft Visual Studio Code Remote Code Execution Vulnerability (CNVD-2022-60132)

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A remote code execution vulnerability exists in Microsoft Visual Studio Code, which arises from a failure of a networked system or product to properly filter specific elements of externally entered data during the...

Microsoft Windows Remote Procedure Call Runtime Remote Code Execution Vulnerability

Microsoft Windows Remote Procedure Call Runtime is a technology used to create distributed client/server programs from Microsoft Corporation USA.Microsoft Windows Remote Procedure Call Runtime is vulnerable to remote code execution vulnerability. The vulnerability stems from the failure of a...

OESA-2022-1651 zlib security update

Zlib is a free, general-purpose, not covered by any patents, lossless data-compression library for use on virtually any computer hardware and operating system. The zlib data format is itself portable across platforms. Security Fixes: zlib before 1.2.12 allows memory corruption when deflating i.e....

The vulnerability in the set of tools for web development, DevTools, in Microsoft Edge and Google Chrome browsers allows a hacker to expose protected information.

The vulnerability of the DevTools suite for web development in Microsoft Edge and Google Chrome exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to disclose sensitive information...

The vulnerability of the Solaris operating system’s kernel, which allows a hacker to trigger a service failure

The vulnerability of the Solaris operating system’s kernel exists due to insufficient checks on input data. Exploiting this vulnerability can allow an attacker to cause service failures...

The vulnerability of the Solaris operating system’s kernel, which allows a hacker to trigger a service failure

The vulnerability of the Solaris operating system’s kernel exists due to insufficient checks on input data. Exploiting this vulnerability can allow an attacker to cause service failures...

CVE-2022-30284

In the python-libnmap package through 0.7.2 for Python, remote command execution can occur if used in a client application that does not validate arguments. NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that arrived...

The vulnerability of the Adobe Photoshop graphic editor lies in the lack of thorough verification of input data, which allows attackers to exploit the system to disclose protected information.

The vulnerability of the Adobe Photoshop graphic editor is related to insufficient verification of input data. Exploiting this vulnerability can allow an attacker to disclose protected information using a specially crafted file...

The vulnerability of the `stream_get_meta_data` function in the PHP programming language exists due to insufficient checks on input data, allowing attackers to compromise the integrity of the information.

The vulnerability of the streamgetmetadata function in the PHP programming language exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the integrity of information...

CVE-2021-26625

The CVE-2021-26625 entry concerns the Nexacro platform (Tobesoft Nexacro). The root cause is an automatic update feature that does not verify input data beyond version information, enabling a remote attacker to download and execute arbitrary malicious files. Public details specify Nexacro/17.x va...

CVE-2021-26625 tobesoft Nexacro arbitrary file download vulnerability

Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation...

Microsoft Azure Site Recovery Remote Code Execution Vulnerability

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to remote code execution. The vulnerability stems from the failure of a network system or product to properly filter special...

Microsoft Windows Kerberos Remote Code Execution Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in Microsoft Windows Kerberos. The vulnerability stems from failure to properly process input data and can be exploited by an attacker to...