105 matches found
Cross site scripting
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...
PT-2023-24198 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions 3.0.0 through 3.3.4 Description: Xibo is a content management system CMS that has an issue where some API routes print a stack trace when called with missing or invalid parameters, revealing sensitive information about the...
Xibo 安全漏洞
Xibo is an open source content management system from Xibo Digital Signage. A security vulnerability exists in Xibo versions prior to 3.0.0 through 3.3.5, which originates from a stack trace being printed when called with missing or invalid parameters, which can be exploited by an attacker to vie...
SUSE CVE-2010-1173
The sctpprocessunkparam function in net/sctp/smmakechunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service system crash via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data...
SUSE CVE-2010-2483
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values...
SUSE CVE-2011-3619
The apparmorsetprocattr function in security/apparmor/lsm.c in the Linux kernel before 3.0 does not properly handle invalid parameters, which allows local users to cause a denial of service NULL pointer dereference and OOPS or possibly have unspecified other impact by writing to a...
K15395: OpenSSL vulnerability CVE-2012-0027
Security Advisory Description The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service daemon crash via crafted data from a TLS client. CVE-2012-0027 Impact This vulnerability could...
php: Uninitialized array in pg_query_params() leading to RCE
A vulnerability was found in PHP due to an uninitialized array in pgqueryparams function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. This flaw allows a remote...
CVE-2022-31625
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...
openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may be subje...
Bosch IP cameras 资源管理错误漏洞
Bosch IP cameras is a German Bosch network camera. Bosch IP cameras has a denial of service vulnerability, which stems from the failure to filter invalid parameters in URLs entered by users with administrator privileges, and can be exploited by attackers to cause the camera to become unresponsive...
Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-36361)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from an unspecified vulnerability that stems from passing invalid parameters to tf.rawops.SparseCountSparseOutput.No details of the vulnerability are provided at this...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from an unspecified vulnerability that stems from passing invalid parameters to tf.rawops.SparseCountSparseOutput.No details of the vulnerability are provided at this...
Cross-Site Request Forgery (CSRF)
play framework is vulnerable to cross-site request forgery CSRF. An attacker is able to bypass the CSRF filter by making CORS simple requests with content types that contain parameters that are invalid and unable to be parsed...
DEBIAN-CVE-2010-3439
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command...
CVE-2010-3439
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command...
CVE-2010-3439
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command...
Command injection
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command...
CVE-2010-3439
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command...
CVE-2010-3439
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command...