CVE-2021-36129

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata...

Helpcom Input Validation Error Vulnerability

Helpcom is an application of Helpcom Korea, Inc. which provides remote control services. a security vulnerability exists in Helpcom, which stems from insufficient parameter validation. An attacker could exploit the vulnerability to execute arbitrary commands...

Unspecified Vulnerability in ezPDF

ezPDF is a cell phone PDF reader. It can help users to search for all PDF files in the phone, and can help users quickly open these PDF files to view. There is a security vulnerability in ezPDF that stems from memory corruption caused by insufficient parameter validation. Currently there is no...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-46660)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in TensorFlow 2.4.2,2.3.3,2.2.3,2.1.4, which stems from a lack of validation between the parameters tf.rawops.Conv3DBackprop. This results in a heap buffer...

Huawei Smartphone 安全漏洞

Huawei Smartphone is a smartphone from Chinese company Huawei Huawei. Huawei HarmonyOS Some Huawei products have a security vulnerability due to failure to validate parameters...

CVE-2020-7870

A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter...

CVE-2020-7870

A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter...

CVE-2020-7870

CVE-2020-7870 affects ezPDF with a memory corruption vulnerability caused by insufficient validation of a parameter. The Red Hat, NVD, CNVD, and other entries confirm the issue, describing memory corruption when ezPDF improperly handles the parameter. The Connected documents do not provide specif...

CVE-2020-7871

A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to...

Helpcom 输入验证错误漏洞

Helpcom is an application of Helpcom Korea, Inc. which provides remote control services. a security vulnerability exists in Helpcom, which stems from insufficient parameter validation. An attacker could exploit the vulnerability to execute arbitrary commands...

ezPDF 缓冲区错误漏洞

ezPDF is a cell phone PDF reader. It can help users to search for all PDF files in the phone, and can help users quickly open these PDF files to view. There is a security vulnerability in ezPDF that stems from memory corruption caused by insufficient parameter validation. Currently there is no...

CVE-2020-27339

CVE-2020-27339 affects InsydeH2O kernel 5.x, where several SMM drivers (AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, SdMmcDeviceDxe) fail to validate the CommBuffer and CommBufferSize, allowing memory corruption of firmware or OS memory. The issue is fixed in kernel 5.1–5.5 with specifi...

Cisco Small Business 200 Series Managed Switches 跨站脚本漏洞

Cisco Small Business 200 Series Managed Switches is a 200 Series managed switch from Cisco, Inc. A cross-site scripting vulnerability exists in Cisco Small Business 220 Series Smart Switches, which stems from improperly checking the value of a parameter on an affected page. An attacker could use...

Cisco Small Business 220 Series Smart Switches 授权问题漏洞

The Cisco Small Business 220 Series Smart Switches is a small smart switch device from Cisco. An authorization issue vulnerability exists in the Cisco Small Business 220 Series Smart Switches that stems from a lack of parameter validation of TFTP configuration parameters. Exploitation of this...

Crlf injection

A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components...

CVE-2021-1358

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. A...

CVE-2021-1306

A vulnerability in the restricted shell of Cisco Evolved Programmable Network EPN Manager, Cisco Identity Services Engine ISE, and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is du...

GHSA-H9PX-9VQG-222H Heap OOB in `QuantizeAndDequantizeV3`

Impact An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3: python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV3 input=2.5,2.5, inputmin=0,0, inputmax=1,1, numbits=30, signedinput=False, rangegiven=False, narrowrange=False, axis=3...

Cisco Finesse 输入验证错误漏洞

Cisco Finesse is a next-generation seat and supervisor desktop designed to provide a collaborative experience for the diverse communities that interact with your customer service organization. An open redirection vulnerability exists in the Web management interface of Cisco Finesse 12.61 and...

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in TensorFlow 2.4.2,2.3.3,2.2.3,2.1.4, which stems from a lack of validation between the parameters tf.rawops.Conv3DBackprop. This results in a heap buffer...