Lucene search
K

227 matches found

NVD
NVD
added 2023/11/29 9:15 a.m.24 views

CVE-2023-6070

A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn...

4.3CVSS0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/29 8:53 a.m.11 views

CVE-2023-6070

A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn...

4.3CVSS6.9AI score0.00243EPSS
Exploits0References1
OSV
OSV
added 2023/11/02 2:15 p.m.4 views

CVE-2023-29045

Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborati...

5.4CVSS5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/02 12:0 a.m.8 views

PT-2023-22109 · Ox Software Gmbh +1 · Ox App Suite +2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Documents operations, specifically "drawing", could be manipulated to contain invalid data types, possibly script code. This script code could be inject...

5.4CVSS5.4AI score0.00383EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/10/26 12:0 a.m.7 views

PT-2023-26946 · Ashlar Vellum · Ashlar-Vellum Cobalt +4

Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share version 12 SP0 Build 1204.77 Description: The affected applications lack proper validation of user-supplied data when parsing XE files, which could lead to an out-of-bounds write. ...

7.8CVSS7.9AI score0.00202EPSS
Exploits0References7
Citrix
Citrix
added 2023/09/21 12:0 a.m.7 views

Cannot decompress firmware package with error "invalid compressed data--format violated"

Running command "tar -xvzf build-xx-xxnc64.tgz" in NetScaler shell to decompress firmware package, but it fails with error "invalid compressed data--format violated"...

7.3AI score
Exploits0
Prion
Prion
added 2023/09/05 7:15 a.m.23 views

Information disclosure

Transient DOS in Modem while processing invalid System Information Block 1...

5CVSS7.5AI score0.00324EPSS
Exploits0References1
NVD
NVD
added 2023/08/08 10:15 a.m.30 views

CVE-2023-21650

Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length...

7.8CVSS6.8AI score0.00109EPSS
Exploits0References1
Prion
Prion
added 2023/08/08 10:15 a.m.26 views

Memory corruption

Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length...

4.3CVSS7.6AI score0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/08 9:14 a.m.38 views

CVE-2023-21650 Improper Validation of Array Index in GPS HLOS Driver

Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length...

6.7CVSS7.8AI score0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.5 views

Qualcomm Chip Buffer Error Vulnerability

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc. and is often manufactured on the surface of semiconductor wafers. A security vulnerability exists in the Qualcomm chip that stems from memory...

7.8CVSS6.9AI score0.00109EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.7 views

PT-2023-18313 · Unknown · Gps Hlos Driver

Name of the Vulnerable Software and Affected Versions: GPS HLOS Driver affected versions not specified Description: The issue is related to memory corruption in the GPS HLOS Driver. Specifically, when the injectFdclData function receives data with an invalid data length, it can cause memory...

7.8CVSS7.7AI score0.00109EPSS
Exploits0References2
OSV
OSV
added 2023/08/03 12:15 p.m.1 views

CVE-2023-37558

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...

6.5CVSS6.6AI score0.00519EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/07/26 2:15 p.m.3 views

CVE-2022-43713

Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References3
NVD
NVD
added 2023/07/26 2:15 p.m.35 views

CVE-2022-43713

Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...

7.5CVSS7.5AI score0.0043EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/07/26 12:0 a.m.33 views

CVE-2022-43713

Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...

7.6AI score0.0043EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/05/09 12:53 p.m.10 views

CVE-2023-31126 Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml

org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...

9CVSS9.1AI score0.00818EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/05/09 12:0 a.m.6 views

XWiki Platform 跨站脚本漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform versions 14.6-rc-1 through 14.10.4, which stems from an HTML element cleaner that accepts invalid data attributes, allowin...

9.6CVSS8AI score0.00818EPSS
Exploits0References5
OSV
OSV
added 2023/05/05 4:15 p.m.5 views

CVE-2023-26285

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418...

5.9CVSS6.7AI score0.00945EPSS
Exploits0References2
Prion
Prion
added 2023/05/05 4:15 p.m.21 views

Code injection

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418...

5CVSS7.2AI score0.00945EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder