Lucene search

335 matches found

Cvelist
added 2019/07/22 5:55 p.m. | 14 views

CVE-2019-12328

A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request...

CVSS 9 | AI score 9.3 | EPSS 0.04679
Exploits 1 | References 1
NVD
added 2019/07/19 5:15 p.m. | 10 views

CVE-2019-12453

In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation...

CVSS 6.1 | AI score 6 | EPSS 0.0021
Exploits 0 | References 2
OSV
added 2019/07/19 5:15 p.m. | 2 views

CVE-2019-12453

In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation...

CVSS 6.1 | AI score 6.3 | EPSS 0.0021
Exploits 0 | References 2
OSV
added 2019/05/29 6:29 p.m. | 1 views

CVE-2018-19977

A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands like starting telnetd or openin...

CVSS 8 | AI score 5.9
Exploits 0 | References 2
OpenVAS
added 2019/04/02 12:0 a.m. | 19 views

Debian: Security Advisory (DLA-1746-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.4 | AI score 5.9 | EPSS 0.47079
Exploits 0 | References 3
OSV
added 2018/10/11 10:29 p.m. | 2 views

CVE-2018-17927

In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow...

CVSS 7.8 | AI score 6.2
Exploits 0 | References 2
OpenVAS
added 2018/08/25 12:0 a.m. | 23 views

Debian: Security Advisory (DLA-1471-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 9.6 | EPSS 0.02018
Exploits 1 | References 3
OSV
added 2018/08/22 2:29 p.m. | 1 views

DEBIAN-CVE-2018-1140

A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as an Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable...

CVSS 6.5 | AI score 8.7 | EPSS 0.14432
Exploits 0 | References 1
OSV
added 2018/08/14 12:0 a.m. | 1 views

UBUNTU-CVE-2018-1140

A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as an Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable...

CVSS 6.5 | AI score 6.9 | EPSS 0.14432
Exploits 0 | References 2
UbuntuCve
added 2018/07/12 8:29 p.m. | 22 views

CVE-2018-14015

The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c...

CVSS 5.5 | AI score 6.1 | EPSS 0.00226
Exploits 1 | References 2
UbuntuCve
added 2018/07/12 8:29 p.m. | 22 views

CVE-2018-14017

The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new...

CVSS 5.5 | AI score 6.1 | EPSS 0.00226
Exploits 1 | References 2
Prion
added 2018/07/12 8:29 p.m. | 14 views

Heap overflow

The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new...

CVSS 4.3 | AI score 5.5 | EPSS 0.00226
Exploits 1 | References 2 | Affected Software 1
OSV
added 2018/07/12 8:29 p.m. | 16 views

CVE-2018-14015

The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c...

CVSS 5.5 | AI score 6.8
Exploits 0 | References 2
Debian CVE
added 2018/07/12 8:0 p.m. | 15 views

CVE-2018-14015

The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c...

CVSS 5.5 | AI score 5.3 | EPSS 0.00226
Exploits 1
CNVD
added 2018/04/25 12:0 a.m. | 5 views

Google Android has an unspecified vulnerability (CNVD-2018-10036)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA), and the Qualcomm SD 400 and Qualcomm SD 800 are central processing unit (CPU) products from Qualcomm. A security vulnerability exists in the Qualcomm closed-source component of Goog...

CVSS 10 | AI score 6.9 | EPSS 0.00222
Exploits 0 | References 1
CNVD
added 2018/04/25 12:0 a.m. | 1 views

Google Android elevation of privilege vulnerability (CNVD-2018-10119)

Android is a Linux-based open-source operating system jointly developed by Google and the Open Handheld Alliance (OHA for short), and Qualcomm MDM9206 and other central processing unit (CPU) products from Qualcomm are used in different platforms. A security vulnerability exists in the Qualcomm...

CVSS 10 | AI score 6.8 | EPSS 0.00206
Exploits 0 | References 1
Tenable Nessus
added 2018/04/06 12:0 a.m. | 22 views

SUSE SLES11 Security Update : LibVNCServer (SUSE-SU-2018:0875-1)

This update for LibVNCServer fixes the following issues: - CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage (bsc#1081493). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

CVSS 9.8 | AI score 7.1 | EPSS 0.03304
Exploits 1 | References 4
Prion
added 2018/03/20 9:29 p.m. | 11 views

Design/Logic Flaw

Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation...

CVSS 4.3 | AI score 7.1 | EPSS 0.01639
Exploits 0 | References 6 | Affected Software 2
UbuntuCve
added 2018/03/20 9:29 p.m. | 14 views

CVE-2014-2032

Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation...

CVSS 5.9 | AI score 6.3 | EPSS 0.01639
Exploits 0 | References 2
Debian CVE
added 2018/03/20 9:0 p.m. | 23 views

CVE-2014-2032

Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation...

CVSS 5.9 | AI score 5.7 | EPSS 0.01639
Exploits 0