558 matches found

CNVD
added 2019/07/30 12:0 a.m., 1 view

Apple Safari InlineFlowBox Remote Code Execution Vulnerability

Apple Safari is a browser in macOS, the operating system of Apple computers, which uses KDE's KHTML as the browser's computing core. A remote code execution vulnerability exists in Apple Safari InlineFlowBox, which is caused by a lack of validation of an object's existence before performing an...

8.8 CVSS, 9.3 AI score, 0.00811 EPSS
Exploits 0, References 1

CNVD
added 2019/07/23 12:0 a.m., 2 views

Unspecified Vulnerability in RANGER Studio Directus

RANGER Studio Directus is a set of open source headless CMS and API for managing custom databases from RANGER Studio, U.S.A. The Directus API is one of the components that can add a RESTful API layer to new or existing SQL databases. A security vulnerability exists in the RANGER Studio Directus 7...

8.8 CVSS, 7.5 AI score, 0.0255 EPSS
Exploits 1, References 1

OSV
added 2019/07/22 5:15 p.m., 1 view

CVE-2019-12326

Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload shell commands within the file and trigger code execution...

9.8 CVSS, 7.3 AI score, 0.01565 EPSS
Exploits 1, References 1

AlpineLinux
added 2019/06/10 11:34 a.m., 49 views

CVE-2019-12387

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

6.1 CVSS, 6.5 AI score, 0.01819 EPSS
Exploits 1

Github Security Blog
added 2019/05/23 9:32 a.m., 123 views

Information exposure in FasterXML jackson-databind

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...

7.5 CVSS, 1.2 AI score, 0.15179 EPSS
Exploits 2, References 46, Affected Software 1

NVD
added 2019/04/08 2:29 p.m., 8 views

CVE-2019-10914

pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsapub.c...

9.8 CVSS, 9.8 AI score, 0.00342 EPSS
Exploits 0, References 4

CVE
added 2019/04/08 1:31 p.m., 47 views

CVE-2019-10914

CVE-2019-10914 affects MatrixSSL 4.0.1 Open (used in Inside Secure TLS Toolkit). Root cause is a stack-based buffer overflow during X.509 certificate verification due to missing validation in psRsaDecryptPubExt (crypto/pubkey/rsa_pub.c). Public sources warn of potentially severe impact (high on C...

9.8 CVSS, 9.6 AI score, 0.00342 EPSS
Exploits 0, References 4, Affected Software 1

VulnCheck KEV
added 2019/02/13 12:0 a.m., 1 view

VulnCheck KEV: CVE-2019-25296

The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfbuploadform and lfbremoveFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload...

9.8 CVSS, 5.9 AI score, 0.00337 EPSS
Exploits 0, References 1

OSV
added 2019/01/24 4:29 a.m., 1 view

CVE-2018-17666

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8 CVSS, 6.2 AI score, 0.00641 EPSS
Exploits 0, References 2

UbuntuCve
added 2019/01/09 7:29 p.m., 22 views

CVE-2018-16068

Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

9.6 CVSS, 7.2 AI score, 0.01563 EPSS
Exploits 1, References 2

Prion
added 2018/12/20 5:29 p.m., 12 views

Input validation

The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation...

9 CVSS, 8.8 AI score, 0.04591 EPSS
Exploits 1, References 4, Affected Software 1

NVD
added 2018/11/28 3:29 p.m., 22 views

CVE-2017-18318

Missing validation check on CRL issuer name in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A...

10 CVSS, 9.6 AI score, 0.00217 EPSS
Exploits 0, References 2

OSV
added 2018/10/29 9:29 p.m., 1 view

CVE-2018-17619

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8 CVSS, 6.2 AI score
Exploits 0, References 2

CNVD
added 2018/07/12 12:0 a.m., 1 view

Microsoft Macro Assembler Security Bypass Vulnerability

Microsoft Visual Studio is a family of development tool suites from Microsoft and a largely complete set of development tools that includes most of the tools needed throughout the software life cycle. Macro Assembler is one of the macro assemblers... A security bypass vulnerability exists in...

7.8 CVSS, 7.5 AI score, 0.00336 EPSS
Exploits 0, References 1

IBM Security Bulletins
added 2018/06/16 1:10 p.m., 20 views

Security Bulletin: Multiple vulnerabilities in IBM InfoSphere Optim Workload Replay (CVE-2015-1894, CVE-2015-1895)

Summary Multiple vulnerabilities have been identified in IBM® InfoSphere® Optim™ Workload Replay, allowing an attacker to obtain information or gain access to data and operations that are restricted to authorized users. Vulnerability Details CVEID: CVE-2015-1894 DESCRIPTION: IBM Optim Workload...

6.8 CVSS, 5.3 AI score, 0.00251 EPSS
Exploits 0, Affected Software 1

OSV
added 2018/06/07 2:29 a.m., 1 view

CVE-2018-3725

hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...

7.5 CVSS, 5.8 AI score, 0.00347 EPSS
Exploits 1, References 1

OSV
added 2018/05/29 8:29 p.m., 1 view

CVE-2018-3734

stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path...

7.5 CVSS, 5.8 AI score, 0.00323 EPSS
Exploits 1, References 1

OSV
added 2018/04/19 2:29 p.m., 2 views

CVE-2017-17313

The inputhub driver of HUAWEI P9 Lite mobile phones with Versions earlier than VNS-L21C02B341, Versions earlier than VNS-L21C22B380, Versions earlier than VNS-L31C02B341, Versions earlier than VNS-L31C440B390, Versions earlier than VNS-L31C636B396 has a buffer overflow vulnerability due to the la...

5.5 CVSS, 6.1 AI score, 0.00075 EPSS
Exploits 0, References 1

OSV
added 2018/01/08 5:29 a.m., 0 views

CVE-2018-3815

The "XML Interface to Messaging, Scheduling, and Signaling" XIMSS protocol implementation in CommuniGate Pro CGP 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email...

5.7 CVSS, 5.8 AI score
Exploits 0, References 1

CNVD
added 2017/12/21 12:0 a.m., 2 views

Foxit Reader setAction Method Remote Code Execution Vulnerability

Foxit Reader is a PDF document reader from China's Foxit Software Corporation. A remote code execution vulnerability exists in the setAction method of the Link object in Foxit Reader version 8.3.1.21155, where the program fails to validate the existence of an object before performing an action ...

8.8 CVSS, 8.4 AI score, 0.00367 EPSS
Exploits 0, References 1