1200 matches found
CVE-2021-31986
CVE-2021-31986 affects Axis OS; root cause is improper validation of user-controlled SMTP notification parameters, leading to a heap-based buffer overflow with potential crashes and data leakage. In Axis OS, affected tracks/versions include AXIS OS Active track 10.7 and 10.8, AXIS OS 2016 LTS tra...
Axis Os Buffer Error Vulnerability
Axis Os is an edge device operating system from Axis of Sweden. A security vulnerability exists in AXIS OS 6.40 or later that stems from not properly validating control parameters related to SMTP notifications. This could lead to a buffer overflow and data leakage...
PT-2021-19616 · Axis Communications +1 · Axis Os +3
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a user-controlled parameter in the SMTP test functionality that is not correctly validated. This allows an attacker to bypass...
CVE-2021-37104
There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118C00E116R3P3. This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attack...
SUSE-SU-2021:3211-1 Security update for nodejs14
This update for nodejs14 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames bsc1188881. - CVE-2021-22931: Fixed improper handling of untypical characters in domain names bsc1189370. - CVE-2021-22940: Use after free on close http2 on stream canceling bsc118936...
CVE-2021-34723
A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command...
Cisco IOS XE SD-WAN Software Security Vulnerability
Cisco IOS XE SD-WAN Software is a Cisco software for network management software-defined networking for the Cisco IOS XE network operating system. A security vulnerability exists in Cisco IOS XE SD-WAN Software, which is caused by insufficient validation of CLI command parameters. An attacker cou...
Xiaomi AX3600 Command Injection Vulnerability
Xiaomi AX3600 is a router. A command injection vulnerability exists in the xqnetwork.lua addMeshNode interface, which is caused by insufficient parameter validation. An attacker could use this vulnerability to inject commands to execute with administrator privileges...
Solarwinds Orion Platform Cross-Site Scripting Vulnerability
Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, as well as support for customized web interfaces, multiple user comments, and map-based views of the entire...
CVE-2021-37417
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation...
Input validation
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation...
SUSE-SU-2021:2875-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: Update to 12.22.5: - CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names bsc1189370, bsc1188881 - CVE-2021-22940: Use after free on close http2 on stream canceling bsc1189368 - CVE-2021-22939: Incomplete...
CVE-2021-22400
CVE-2021-22400 affects Huawei OxfordS-AN00A smartphones (listed firmware versions such as 10.0.1.10, 10.0.1.105, 10.0.1.115, 10.0.1.123, 10.0.1.135, 10.0.1.152, 10.0.1.160, 10.0.1.167, 10.0.1.173, 10.0.1.178, 10.1.0.202). The root cause is insufficient input/parameter validation (missing paramete...
Multiple Qualcomm Products Input Validation Error Vulnerability
Qualcomm chips are chips from Qualcomm Incorporated, USA. A chip is a way to miniaturize circuits (mainly semiconductor devices, but also passive components) and is often fabricated on the surface of semiconductor wafers. A security vulnerability exists in Qualcomm chips that stems from improper...
_token parameter not validated
Handle: pauliax. Vulnerability details. Impact: function depositProtocolBalance does not validate the token, nor the caller. It is possible to call this function passing any arbitrary token and amount values and thus artificially increasing protocolBalance which may lead to further failed computation...
Pillow Buffer Error Vulnerability
Pillow is a Python-based image processing library. A buffer overflow vulnerability exists in Pillow, which stems from the failure of the product's convert.c to validate the security of parameters, and could be exploited to trigger a denial of service or remote code execution by triggering a buffe...
CVE-2021-36129
An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata...
Code injection
An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata...