179 matches found

Tenable Nessus
added 2021/08/26 12:0 a.m. | 47 views

RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:3280)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3280 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CVSS 9.8 | AI score 7.5 | EPSS 0.37286
Exploits 7 | References 22

OpenVAS
added 2021/08/19 12:0 a.m. | 15 views

SUSE: Security Advisory (SUSE-SU-2021:2760-1)

The remote host is missing an update for the...

CVSS 6.8 | AI score 7.3 | EPSS 0.02617
Exploits 1 | References 4

NVD
added 2021/08/12 6:15 p.m. | 12 views

CVE-2021-36982

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request...

CVSS 9.3 | EPSS 0.02466
Exploits 0 | References 3

Prion
added 2021/08/12 6:15 p.m. | 12 views

Command injection

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request...

CVSS 9.3 | AI score 8.4 | EPSS 0.02466
Exploits 0 | References 3 | Affected Software 1

Veracode
added 2021/05/21 7:40 a.m. | 11 views

Denial Of Service (DoS)

matrixsynapse is vulnerable to denial of service. The vulnerability exists due to missing input validation of some parameters on the endpoints used to confirm third-party identifiers which could cause excessive use of disk space and memory leading to resource exhaustion...

AI score 4.4
Exploits 0

NVD
added 2021/03/12 9:15 a.m. | 16 views

CVE-2021-28308

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of-bounds read because the pixmap constructor lacks pixmap input validation...

CVSS 9.1 | EPSS 0.01278
Exploits 0 | References 1

OpenVAS
added 2020/12/10 12:0 a.m. | 14 views

Debian: Security Advisory (DLA-2487-1)

The remote host is missing an update for the Debian...

CVSS 5.7 | AI score 5.7 | EPSS 0.00373
Exploits 0 | References 4

BDU FSTEC
added 2020/08/14 12:0 a.m. | 2 views

A vulnerability in the master.py component of the SaltStack configuration management and remote execution system allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability in the master.py component of the SaltStack configuration management and remote execution system stems from the lack of a mechanism for checking input data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential...

CVSS 10 | AI score 8 | EPSS 0.96405
Exploits 24 | References 8 | Affected Software 3

NVD
added 2020/02/12 8:15 p.m. | 18 views

CVE-2020-6191

SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation...

CVSS 9 | AI score 7.1 | EPSS 0.01579
Exploits 0 | References 2

Cvelist
added 2020/02/12 7:46 p.m. | 26 views

CVE-2020-6191

SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation...

CVSS 7.2 | AI score 7.1 | EPSS 0.01579
Exploits 0 | References 2

NVD
added 2019/08/01 8:15 p.m. | 15 views

CVE-2019-14260

On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands...

CVSS 8 | AI score 8.3 | EPSS 0.02803
Exploits 1 | References 1

Prion
added 2019/08/01 3:15 p.m. | 15 views

Command injection

On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands ...

CVSS 7.7 | AI score 8.1 | EPSS 0.02803
Exploits 1 | References 1 | Affected Software 1

Prion
added 2019/07/22 6:15 p.m. | 11 views

Command injection

A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request...

CVSS 9 | AI score 8.9 | EPSS 0.04206
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2019/07/22 5:55 p.m. | 20 views

CVE-2019-12328

A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request...

CVSS 9 | AI score 9.3 | EPSS 0.04206
Exploits 1 | References 1

OSV
added 2019/07/19 5:15 p.m. | 2 views

CVE-2019-12453

In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation...

CVSS 6.1 | AI score 6.3 | EPSS 0.00979
Exploits 0 | References 2

NVD
added 2019/07/19 5:15 p.m. | 22 views

CVE-2019-12453

In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation...

CVSS 6.1 | AI score 6 | EPSS 0.00979
Exploits 0 | References 2

OSV
added 2019/05/29 6:29 p.m. | 2 views

CVE-2018-19977

A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands like starting telnetd or openin...

CVSS 8 | AI score 5.9
Exploits 0 | References 2

OSV
added 2018/10/11 10:29 p.m. | 3 views

CVE-2018-17927

In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow...

CVSS 7.8 | AI score 6.2 | EPSS 0.0211
Exploits 0 | References 2

OpenVAS
added 2018/08/25 12:0 a.m. | 23 views

Debian: Security Advisory (DLA-1471-1)

The remote host is missing an update for the Debian...

CVSS 9.8 | AI score 9.6 | EPSS 0.29303
Exploits 1 | References 3

UbuntuCve
added 2018/07/12 8:29 p.m. | 31 views

CVE-2018-14017

The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new...

CVSS 5.5 | AI score 6.1 | EPSS 0.01172
Exploits 1 | References 2