CVE-2020-11162
Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...
Valve: Add any depot to your app and access its contents without decryption key; via /apps/setcommonredists
A parameter-validation error on an endpoint used to configure redistributable depots allowed external depots to be added to an existing app without the required decryption key...
PYSEC-2020-295
In TensorFlow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and th...
HUAWEI Taurus-AL00A Information Disclosure Vulnerability
The Huawei Taurus-AL00A is a smartphone from the Chinese company Huawei. A security vulnerability exists in the HUAWEI Taurus-AL00A XFRM module. The vulnerability stems from a failure to adequately validate parameters, which can be exploited by an authenticated attacker by performing certa...
CVE-2020-24551
IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim's login credentials...
CVE-2020-24551
The CVE-2020-24551 entry applies to IProom MMC+ Server login page, where improper validation of specific parameters enables an open redirect. The vulnerability is network-driven; CVSS details from NVD indicate both CVSS v2 (base 5.8) and CVSS v3.1 (base 6.1) with no authentication, user interact...
Input validation
A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. A...
CVE-2019-16025
A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed...
Input validation
An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page...
UBUNTU-CVE-2020-13298
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in limited file disclosure...
A vulnerability in the Cisco Webex Meetings Desktop App stems from errors in URL parameter validation, allowing attackers to overwrite arbitrary files.
A vulnerability in the Cisco Webex Meetings Desktop App software relates to errors in the validation of URL parameters. Exploiting this vulnerability allows a malicious actor to overwrite arbitrary files...
CVE-2020-9242
FusionCompute 8.0.0 has a command injection vulnerability. The software does not sufficiently validate certain parameters posted by the user; successful exploitation could allow an authenticated attacker to launch a command injection attack...
CVE-2020-13941
CVE-2020-13941 concerns Apache Solr’s replication handler. The vulnerability arises because the backup, restore, and deleteBackup HTTP API commands accept a location parameter that was not validated, enabling read/write access to any location the solr user can access. Multiple sources note this w...
Huawei FusionCompute Command Injection Vulnerability
Huawei FusionCompute is a computer virtualization engine from Huawei China. The product provides Virtual Resource Manager (VRM) and Compute Node Agent (CNA), among others. A command injection vulnerability exists in Huawei FusionCompute version 8.0.0, which stems from the device not adequately...
CVE-2020-16192
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters...
Cross site scripting
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters...
CVE-2020-3462
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could...
CVE-2020-15621
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmailautoreply.php. When parsing the email parameter, the...
CVE-2019-18619
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave that can compromise confidentiality of enclave data via APIs that accept invalid pointers...