Lucene search

335 matches found

CNNVD
added 2022/03/03 12:0 a.m. | 3 views

IPCOMM ipDIO Security Vulnerability

IPCOMM ipDIO is a remote control communication device from IPCOMM Germany. It is used to record digital and analog inputs and control digital outputs. A code injection vulnerability exists in IPCOMM ipDIO that stems from the absence of a filter when loading certain sections of a Web application o...

CVSS 8.8 | AI score 5.9 | EPSS 0.00322
Exploits 0 | References 4
CNNVD
added 2022/02/19 12:0 a.m. | 2 views

WikiDocs Security Vulnerability

WikiDocs is a database-less Markdown flat file Wiki engine by the individual developer Manuel Zavatta in Italy. WikiDocs suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker can exploit this...

CVSS 6.1 | AI score 6.1 | EPSS 0.00281
Exploits 0 | References 4
OSV
added 2022/02/11 6:15 p.m. | 3 views

CVE-2021-22802

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...

CVSS 9.8 | AI score 6.4 | EPSS 0.02468
Exploits 0 | References 1
Tenable Nessus
added 2022/02/09 12:0 a.m. | 36 views

Rocky Linux 8 : nodejs:12 (RLSA-2021:3623)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3623 advisory. - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host...

CVSS 9.8 | AI score 7.2 | EPSS 0.84982
Exploits 5 | References 18
OpenVAS
added 2022/01/28 12:0 a.m. | 26 views

Mageia: Security Advisory (MGASA-2020-0338)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 6 | EPSS 0.01407
Exploits 1 | References 5
OSV
added 2022/01/25 2:15 p.m. | 0 views

DEBIAN-CVE-2021-45847

Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file...

CVSS 5.5 | AI score 6.8 | EPSS 0.00104
Exploits 0 | References 1
OSV
added 2022/01/25 2:15 p.m. | 0 views

UBUNTU-CVE-2021-45847

Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file...

CVSS 5.5 | AI score 6 | EPSS 0.00104
Exploits 0 | References 5
NVD
added 2022/01/15 5:15 p.m. | 12 views

CVE-2021-35969

Pexip Infinity before 26 allows temporary remote Denial of Service abort because of missing call-setup input validation...

CVSS 7.5 | EPSS 0.00449
Exploits 0 | References 1
Prion
added 2022/01/15 5:15 p.m. | 13 views

Input validation

Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation issue 2 of 2...

CVSS 5 | AI score 7.5 | EPSS 0.00449
Exploits 0 | References 1 | Affected Software 1
CVE
added 2022/01/07 10:39 p.m. | 64 views

CVE-2022-22271

CVE-2022-22271 concerns Samsung TIMA Trustlet where a missing input validation before memory copy allows copying data from arbitrary memory. Connected sources (e.g., PT-2022-15317) specify that TIMA Trustlet versions prior to SMR Jan-2022 Release 1 are affected; remediation is to update to SMR Ja...

CVSS 5.5 | AI score 5.5 | EPSS 0.00041
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2021/12/14 12:0 a.m. | 1 views

Piwigo Cross-Site Scripting Vulnerability

Piwigo is Web-based open source image library software. Piwigo has a cross-site scripting vulnerability in version 11.5.0, which stems from a lack of validation and filtering of user-supplied data and output data. An attacker could exploit this vulnerability to conduct XSS attacks via the syste...

CVSS 6.1 | AI score 5.2 | EPSS 0.00321
Exploits 1 | References 1
CNNVD
added 2021/12/14 12:0 a.m. | 2 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Parsian Bank Gateway for WooCommerce is an open source WordPress plugin. WordPress Parsian Bank...

CVSS 6.1 | AI score 6 | EPSS 0.0021
Exploits 0 | References 3
CNNVD
added 2021/12/13 12:0 a.m. | 2 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. Shiny Buttons is an open source WordPress plugin. The WordPress Shiny Buttons plugin in version 1.1.0...

CVSS 6.1 | AI score 5.6 | EPSS 0.12999
Exploits 2 | References 2
Debian CVE
added 2021/11/23 12:0 a.m. | 40 views

CVE-2021-3672

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as we...

CVSS 6.8 | AI score 7.2 | EPSS 0.00044
Exploits 1
Tenable Nessus
added 2021/11/11 12:0 a.m. | 43 views

CentOS 8 : python27:2.7 (CESA-2021:4151)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4151 advisory. - python: Unsafe use of eval on data retrieved via HTTP in the test suite CVE-2020-27619 - python-jinja2: ReDoS vulnerability in the urlize filter...

CVSS 9.8 | AI score 7.8 | EPSS 0.034
Exploits 5 | References 8
AlmaLinux
added 2021/11/09 8:26 a.m. | 71 views

Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 9.8 | AI score 7.3 | EPSS 0.02048
Exploits 6 | References 8
Tenable Nessus
added 2021/09/29 12:0 a.m. | 45 views

openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:1313-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1313-1 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to...

CVSS 9.8 | AI score 7.3 | EPSS 0.00662
Exploits 3 | References 16
Tenable Nessus
added 2021/09/27 12:0 a.m. | 44 views

CentOS 8 : nodejs:14 (CESA-2021:3666)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3666 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930, CVE-2021-22940 - nodejs: Improper handling of untypical characters in domai...

CVSS 9.8 | AI score 7.3 | EPSS 0.84982
Exploits 5 | References 9
Tenable Nessus
added 2021/09/22 12:0 a.m. | 37 views

CentOS 8 : nodejs:12 (CESA-2021:3623)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3623 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930, CVE-2021-22940 - nodejs: Improper handling of untypical characters in domai...

CVSS 9.8 | AI score 7.3 | EPSS 0.84982
Exploits 5 | References 9
Fortinet
added 2021/09/07 12:0 a.m. | 20 views

FortiWeb - OS Command Injection because of missing input parameter sanitization

Multiple improper neutralization of special elements vulnerabilities CWE-89 used in a command in FortiWeb may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...

CVSS 6.5 | AI score 8.8 | EPSS 0.00748
Exploits 0 | Affected Software 1