227 matches found
CVE-2023-6070
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn...
CVE-2023-6070
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn...
CVE-2023-29045
Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborati...
PT-2023-22109 · Ox Software Gmbh +1 · Ox App Suite +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Documents operations, specifically "drawing", could be manipulated to contain invalid data types, possibly script code. This script code could be inject...
PT-2023-26946 · Ashlar Vellum · Ashlar-Vellum Cobalt +4
Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share version 12 SP0 Build 1204.77 Description: The affected applications lack proper validation of user-supplied data when parsing XE files, which could lead to an out-of-bounds write. ...
Cannot decompress firmware package with error "invalid compressed data--format violated"
Running command "tar -xvzf build-xx-xxnc64.tgz" in NetScaler shell to decompress firmware package, but it fails with error "invalid compressed data--format violated"...
Information disclosure
Transient DOS in Modem while processing invalid System Information Block 1...
CVE-2023-21650
Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length...
Memory corruption
Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length...
CVE-2023-21650 Improper Validation of Array Index in GPS HLOS Driver
Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length...
Qualcomm Chip Buffer Error Vulnerability
A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc. and is often manufactured on the surface of semiconductor wafers. A security vulnerability exists in the Qualcomm chip that stems from memory...
PT-2023-18313 · Unknown · Gps Hlos Driver
Name of the Vulnerable Software and Affected Versions: GPS HLOS Driver affected versions not specified Description: The issue is related to memory corruption in the GPS HLOS Driver. Specifically, when the injectFdclData function receives data with an invalid data length, it can cause memory...
CVE-2023-37558
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...
CVE-2022-43713
Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
CVE-2022-43713
Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
CVE-2022-43713
Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
CVE-2023-31126 Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml
org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...
XWiki Platform 跨站脚本漏洞
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform versions 14.6-rc-1 through 14.10.4, which stems from an HTML element cleaner that accepts invalid data attributes, allowin...
CVE-2023-26285
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418...
Code injection
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418...