558 matches found
CVE-2020-26826
Process Integration Monitoring of SAP NetWeaver AS JAVA, versions 7.31, 7.40, 7.50, allows an attacker to upload any file, including script files, without proper file format validation, leading to Unrestricted File Upload...
ASB-A-159062405
In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check. This could lead to local information disclosure of EID data with no additional execution privileges needed. User interaction is not needed for exploitation...
wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in Wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
PT-2020-14594 · Open Source Matters · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.20. Description: An issue was discovered in Joomla! where missing validation checks on the usergroups table object can result in a broken site configuration. Recommendations: For versions prior to 3.9.20, update t...
ASB-A-135368228
In i915_gem_execbuffer2_ioctl of i915_gem_execbuffer.c, there is a possible arbitrary kernel memory write due to a missing validation of a userspace pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CloudBees Jenkins Compact Columns Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Compact Columns Plugin is used in one of the...
OPENSUSE-SU-2020:0693-1 Security update for dpdk
This update for dpdk fixes the following issues. Security issues fixed: - CVE-2020-10722: Fixed an integer overflow in vhost_user_set_log_base (bsc#1171477). - CVE-2020-10723: Fixed an integer truncation in vhost_user_check_and_alloc_queue_pair (bsc#1171477). - CVE-2020-10724: Fixed a missing inputs validation i...
Denial Of Service (DoS)
Kernel is vulnerable to denial of service (DoS). A missing validation check was found in the bcm_release and raw_release functions in the Linux kernel's Controller Area Network (CAN) implementation. This could allow a local, unprivileged user to cause a denial of service...
Input validation
SAP NetWeaver Application Server Java User Management Engine, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation...
rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Input Validation vulnerability in the RubyGems specification homepage attribute that can...
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2020-1079)
The remote host is missing an update for the Huawei EulerOS...
UBUNTU-CVE-2019-14863
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
CVE-2019-3685 Missing TLS certificate validation for HTTPS connections in osc
Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary...
eIDAS-Node 2.3 Authentication Bypass
SEC Consult Vulnerability Lab Security Advisory. title: Authentication Bypass; product: eIDAS-Node; vulnerable version: =v2.3 v2.1 vulnerability 2; fixed version: v2.3.1; CVE number: -; impact: critical; homepage:...
CVE-2019-16168
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."...