298 matches found
A vulnerability in the pom.xml and CpsGroovyShell.java components of the Jenkins Pipeline plugin allows an attacker to execute arbitrary code.
The vulnerability in the pom.xml and CpsGroovyShell.java (src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java) components of the Jenkins Pipeline plugin is related to errors in processing input data during syntax analysis of the code. Exploiting this vulnerability can allow a...
GHSA-VM59-329Q-P468 Cross-site Scripting in Apache UIMA
This vulnerability relates to the user's browser processing of DUCC webpage input data. The javascript comprising Apache UIMA DUCC = 2.2.2 which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code...
Cross-site Scripting in Apache UIMA
This vulnerability relates to the user's browser processing of DUCC webpage input data. The javascript comprising Apache UIMA DUCC = 2.2.2 which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code...
CVE-2018-18558
Affected software: Espressif ESP-IDF 2.x and 3.x before 3.0.6, and 3.1.x before 3.1.1. Root cause: Insufficient validation of input data in the 2nd stage bootloader (process_segment in components/bootloader_support/src/esp_image_format.c). Vulnerability allows a physically proximate attacker to b...
CVE-2018-8035
This vulnerability relates to the user's browser processing of DUCC webpage input data. The javascript comprising Apache UIMA DUCC = 2.2.2 which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code...
CVE-2019-3712
Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP...
A vulnerability in the IEC 61850-MMS protocol processor in the firmware of Siemens network equipment allows an attacker to cause a denial of service.
The vulnerability in the IEC 61850-MMS protocol processor in the firmware of Siemens network equipment is related to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sending specially crafted packets to port...
CVE-2018-14623
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is...
CVE-2018-14623
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs...
Command injection
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input fiel...
CVE-2018-7721
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data...
Buffer overflow
Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C02, AR200...
CVE-2017-17160
The CVE-2017-17160 issue is a buffer overflow in multiple Huawei enterprise routers (e.g., AR, AR1200/120-S/150/160/200-series, SRG, NetEngine16EX, etc.) caused by incomplete input range checks. An unauthenticated, remote attacker can send malicious IKE packets to the device, potentially writing ...
[ASA-201705-6] lib32-libtirpc: denial of service
Arch Linux Security Advisory ASA-201705-6. Severity: Medium; Date: 2017-05-07; CVE-ID: CVE-2017-8779; Package: lib32-libtirpc; Type: denial of service; Remote: Yes; Link: https://security.archlinux.org/AVG-263. Summary: The package lib32-libtirpc...
A vulnerability in the SeaMonkey software package allows an attacker to execute arbitrary code or cause a denial of service.
The SeaMonkey software contains a vulnerability in the WebGLContext::ValidateTextImageSize function. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a denial of service by manipulating input data...
Corruption, Code Execution Vulnerabilities Patched in Open Source Archiver 7-Zip
Several vulnerabilities were fixed this week in the file archiver 7-Zip that could have led to arbitrary code execution and file corruption. The developer behind the tool, which is open source and can be used with any compression, conversion, or encryption method, is urging users to update to the...
SQL Injection in SocialEngine
High-Tech Bridge Security Research Lab discovered an SQL injection vulnerability in the popular social networking software SocialEngine. The vulnerability can be exploited to gain access to potentially sensitive information in the database and compromise the entire website. The vulnerability exists due to...
joomla -- multiple vulnerabilities
The JSST and the Joomla! Security Center report: 20151201 - Core - Remote Code Execution Vulnerability: Browser information is not filtered properly while saving the session values into the database which leads to a Remote Code Execution vulnerability. 20151202 - Core - CSRF Hardening: Add addition...