Lucene search
79 matches found

OSV
added 2022/01/21 9:15 p.m. · 0 views

UBUNTU-CVE-2021-46238

GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service (DoS)...

CVSS 5.5 · AI score 7.3 · EPSS 0.00621
Exploits 1 · References 3
NVD
added 2021/12/13 8:15 p.m. · 28 views

CVE-2021-43822

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

CVSS 8.5 · EPSS 0.00967
Exploits 0 · References 2
Prion
added 2021/12/13 8:15 p.m. · 15 views

Sql injection

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

CVSS 6.8 · AI score 8 · EPSS 0.00967
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2021/12/13 12:0 a.m. · 1 views

Jackalope Doctrine-DBAL SQL Injection Vulnerability

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) that uses a relational database to persist data. Jackalope Doctrine-DBAL suffers from a SQL injection vulnerability that stems from the software's lack of effective filtering for the $property parameter. In the...

CVSS 8.5 · AI score 7.4 · EPSS 0.00967
Exploits 0 · References 4
Positive Technologies
added 2021/07/09 12:0 a.m. · 2 views

PT-2024-11308 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a NULL dereference in the cifs compose mount options function. The optional @ref parameter might contain a NULL node name, which could lead to a NULL dereferenc...

CVSS 9.8 · AI score 6.7 · EPSS 0.17563
Exploits 8 · References 1202
OSV
added 2021/02/08 10:15 p.m. · 2 views

CVE-2020-8590

Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true...

CVSS 3.3 · AI score 5.8
Exploits 0 · References 1
Veracode
added 2020/12/06 4:49 a.m. · 17 views

Cross-Site Scripting (XSS)

pcs:stretch is vulnerable to cross-site scripting. Improper validation of the Node name field allows attackers to inject and execute arbitrary JavaScript when creating or adding existing clusters...

CVSS 6.1 · AI score 5.2 · EPSS 0.01218
Exploits 0 · References 3 · Affected Software 1
OSV
added 2019/11/22 11:15 p.m. · 3 views

DEBIAN-CVE-2019-11291

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious use...

CVSS 4.8 · AI score 4.9 · EPSS 0.00796
Exploits 0 · References 1
Prion
added 2019/11/22 11:15 p.m. · 11 views

Cross site scripting

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious use...

CVSS 3.5 · AI score 4.6 · EPSS 0.00796
Exploits 0 · References 2 · Affected Software 2
OSV
added 2019/11/22 11:15 p.m. · 0 views

UBUNTU-CVE-2019-11291

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious use...

CVSS 4.8 · AI score 5.3 · EPSS 0.00796
Exploits 0 · References 3
CNVD
added 2018/05/18 12:0 a.m. · 3 views

Foxit Reader Information Disclosure Vulnerability (CNVD-2018-11858)

Foxit Reader is a PDF document reader from China's Foxit Software Corporation. An information disclosure vulnerability exists in the handling of the U3D Node Name buffer in Foxit Reader version 9.0.0.29935, where the program fails to properly validate user-submitted data. The vulnerability can ...

CVSS 6.5 · AI score 6.2 · EPSS 0.02536
Exploits 0 · References 1
OSV
added 2018/05/17 3:29 p.m. · 2 views

CVE-2018-10480

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVSS 6.5 · AI score 5 · EPSS 0.02536
Exploits 0 · References 2
NVD
added 2018/05/17 3:29 p.m. · 20 views

CVE-2018-10480

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVSS 6.5 · AI score 6.2 · EPSS 0.02536
Exploits 0 · References 2
Prion
added 2018/05/17 3:29 p.m. · 17 views

Code injection

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVSS 4.3 · AI score 6.2 · EPSS 0.02536
Exploits 0 · References 2 · Affected Software 2
Cvelist
added 2018/05/17 3:0 p.m. · 27 views

CVE-2018-10480

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

AI score 6.8 · EPSS 0.02536
Exploits 0 · References 2
CVE
added 2018/05/17 3:0 p.m. · 58 views

CVE-2018-10480

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10480 due to improper validation in the handling of the U3D Node Name buffer, causing a read past the end of an allocated buffer. The vulnerability can disclose sensitive information and, in conjunction with other vulnerabilities, may allow code ex...

CVSS 6.5 · AI score 6.5 · EPSS 0.02536
Exploits 0 · References 2 · Affected Software 2
Zero Day Initiative
added 2018/05/04 12:0 a.m. · 28 views

Foxit Reader U3D Node Name Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

CVSS 4.3 · AI score 1.4 · EPSS 0.02536
Exploits 0 · References 1
CNVD
added 2018/03/15 12:0 a.m. · 3 views

ClusterLabs pcs Cross-Site Scripting Vulnerability

ClusterLabs pcs is a command line tool for configuring Pacemaker. A cross-site scripting vulnerability exists in versions of ClusterLabs pcs prior to 0.9.157 that stems from the program failing to properly validate the Node name field. An attacker can exploit the vulnerability to run JavaScript...

CVSS 6.1 · AI score 6.3 · EPSS 0.01218
Exploits 0 · References 1
Prion
added 2018/03/12 3:29 p.m. · 12 views

Cross site scripting

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster...

CVSS 4.3 · AI score 5.9 · EPSS 0.01218
Exploits 0 · References 2 · Affected Software 1
NVD
added 2018/03/12 3:29 p.m. · 18 views

CVE-2017-2661

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster...

CVSS 6.1 · AI score 6.1 · EPSS 0.01218
Exploits 0 · References 2