230 matches found
CVE-2024-35284
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient input validation...
CVE-2024-35283
A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a stored cross-site scripting XSS attack due to insufficient input validation...
Siemens SIMATIC WinCC Denial of Service Vulnerability (CNVD-2024-17302)
SIMATIC PCS 7 is a process control system.SIMATIC WinCC is an automated data acquisition and monitoring SCADA system.SIMATIC WinCC Runtime Professional is used for operator visualization of the runtime platform for the control and monitoring of machines and equipment. A denial of service...
CVE-2023-31455
Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort...
SUSE-SU-2023:4932-1 Security update for libreoffice
This update for libreoffice fixes the following issues: - CVE-2023-6186: Fixed link targets allow arbitrary script execution bsc1217578. - CVE-2023-6185: Fixed Improper input validation enabling arbitrary Gstreamer pipeline injection bsc1217577...
CVE-2022-32482
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable...
PT-2022-25774 · Sap · Sap Netweaver As Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java HTTP Provider Service version 7.50 Description: The issue is caused by insufficient input validation, allowing an unauthenticated attacker to inject a script into a web request header. Successful exploitation enables an...
MGASA-2022-0447 Updated freerdp packages fix security vulnerability
In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. CVE-2022-39316 Affected versions of FreeRDP are missing a range check for input...
PT-2022-5768 · Nvidia · Nvidia Gpu Display Driver
Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Windows affected versions not specified Description: The issue is related to insufficient input validation in the NVIDIA GPU Display Driver, allowing an unprivileged user to access or modify system files,...
PT-2022-37580 · Php · Php
Name of the Vulnerable Software and Affected Versions: PHP versions prior to the fixed version Description: The issue is related to several bugs in PHP, including an out-of-bounds read due to insufficient input validation in the imageloadfont function, a buffer overflow in the hash update functio...
CVE-2014-0144
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privilege...
SUSE-SU-2022:2993-1 Security update for freerdp
This update for freerdp fixes the following issues: - Fixed two input validation issues bsc1191895: - CVE-2021-41159: Fixed an improper validation of client input for gateway connections. - CVE-2021-41160: Fixed improper region checks that could lead to memory corruption...
PT-2022-7224 · Proscend · Proscend M330-W +7
Name of the Vulnerable Software and Affected Versions: Proscend M330-w versions Proscend M330-W5 versions Proscend M350-5G versions Proscend M350-W5G versions Proscend M350-6 versions Proscend M350-W6 versions Proscend M301-G versions Proscend M301-GW versions Proscend ICR 111WG versions...
PT-2022-37649 · Nvidia · Nvidia Windows Gpu Display Driver +1
Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Linux versions prior to the fixed version NVIDIA GPU Display Driver for Windows versions prior to the fixed version Description: The issue is related to improper input validation and null-pointer dereferences in...
PT-2022-3949 · Haproxy +4 · Haproxy +4
Name of the Vulnerable Software and Affected Versions: Roxy-WI versions prior to 6.1.1.0 Description: Roxy-WI is a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. The issue arises from the subprocess execute function in the /app/options.py file, which does not properly...
SUSE-SU-2022:0079-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-24504: Fixed an uncontrolled resource consumption in some IntelR Ethernet E810 Adapter drivers that may have allowed an authenticated user to...
CVE-2021-0078
Improper input validation in software for some IntelR PROSet/Wireless WiFi and KillerTM WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access...
CVE-2011-4124
Input validation issues were found in Calibre at devices/linuxmounthelper.c which can lead to argument injection and elevation of privileges...
SUSE-SU-2021:3211-1 Security update for nodejs14
This update for nodejs14 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames bsc1188881. - CVE-2021-22931: Fixed improper handling of untypical characters in domain names bsc1189370. - CVE-2021-22940: Use after free on close http2 on stream canceling bsc118936...
ROS-2-2075
2.2075 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...