1200 matches found
CVE-2022-44556
Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability...
Input validation
Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability...
CVE-2022-44556
Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability...
CVE-2022-44556
CVE-2022-44556 involves missing parameter type validation in the DRM module, with DoS impacting availability. Connected sources tie the vulnerability to Huawei EMUI (Android-based) and report that Huawei EMUI 12.0.0 is affected by a DRM‑module parameter validation issue. Root cause is described a...
PT-2022-5476 · Cisco · Cisco Email Security Appliance +1
Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance affected versions not specified Cisco Secure Email and Web Manager affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker...
Api2Cart Bridge Connector < 1.2.0 - Unauthenticated RCE
The plugin does not validate some parameters which could lead to RCE...
CVE-2022-20933
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of...
Better Messages < 1.9.10.69 - Subscriber+ SSRF
The plugin does not validate a parameter before making a request to it, which could allow users with a role as low as subscriber to perform SSRF attacks...
CVE-2022-23770
This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal...
CVE-2022-23770 WISA Smart Wing CMS Remote Command Execution Vulnerability
This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal...
CVE-2022-23770 WISA Smart Wing CMS Remote Command Execution Vulnerability
This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal...
Denial Of Service (DoS)
fis-gtm is vulnerable to denial of service. The vulnerability exists due to lack of parameter validation in calls to memcpy in strtok in srunix/ztimeoutroutines.c which allows attackers to attempt to read from a NULL pointer...
Spoofing
The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack...
PT-2022-25009 · Nokia · Nokia 1350 Oms
Name of the Vulnerable Software and Affected Versions: NOKIA 1350 OMS version R14.2 Description: An Open Redirect issue occurs on the login page via the next HTTP GET parameter. Recommendations: For NOKIA 1350 OMS version R14.2, consider restricting access to the login page or validating the next...
多款Huawei产品缓冲区错误漏洞
Huawei 576up005 HOTA-CM-H-Shark-BD and others are a headset from the Chinese company Huawei Huawei. A security vulnerability exists in several Huawei products. The vulnerability stems from insufficient validation of some parameter inputs, which can be exploited by an attacker to send a...
Remote Code Execution
flysystem is vulnerable to remote code execution. Lack of proper parameter validation in JMSMessageConsumer allows an attacker to upload and execute malicious code on the system under attack, when a configuration uses a JMS Source with a JNDI LDAP data source URI...
Download Manager < 3.2.50 - Contributor+ PHAR Deserialization
The plugin does not validate a parameter, which could allow users with a role as low as contributor to perform PHAR deserialisation when a suitable gadget chain is also present...
CVE-2022-2367
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...
CVE-2022-2367
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...
Design/Logic Flaw
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...