
1187 matches found

CNNVD
added 2021/06/16 12:0 a.m. | 1 views

Cisco Small Business 220 Series Smart Switches Authorization Issue Vulnerability

The Cisco Small Business 220 Series Smart Switches is a small smart switch device from Cisco. An authorization issue vulnerability exists in the Cisco Small Business 220 Series Smart Switches that stems from a lack of parameter validation of TFTP configuration parameters. Exploitation of this...

9 CVSS | 7.6 AI score | 0.00384 EPSS
Exploits: 0 | References: 4
Prion
added 2021/06/04 9:15 p.m. | 18 views

CRLF injection

A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components...

6.4 CVSS | 6.5 AI score | 0.90442 EPSS
Exploits: 4 | References: 3
OSV
added 2021/05/22 7:15 a.m. | 1 views

CVE-2021-1306

A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is du...

3.4 CVSS | 5.9 AI score | 0.00039 EPSS
Exploits: 0 | References: 1
OSV
added 2021/05/22 7:15 a.m. | 1 views

CVE-2021-1358

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. A...

6.1 CVSS | 6.4 AI score
Exploits: 0 | References: 1
OSV
added 2021/05/21 2:23 p.m. | 1 views

GHSA-H9PX-9VQG-222H Heap OOB in `QuantizeAndDequantizeV3`

Impact: An attacker can read data outside the bounds of a heap-allocated buffer in `tf.raw_ops.QuantizeAndDequantizeV3`: python import tensorflow as tf tf.raw_ops.QuantizeAndDequantizeV3 input=2.5,2.5, input_min=0,0, input_max=1,1, num_bits=30, signed_input=False, range_given=False, narrow_range=False, axis=3...

2.5 CVSS | 5.9 AI score | 0.00011 EPSS
Exploits: 1 | References: 7
CNNVD
added 2021/05/19 12:0 a.m. | 21 views

Cisco Finesse Input Validation Error Vulnerability

Cisco Finesse is a next-generation seat and supervisor desktop designed to provide a collaborative experience for the diverse communities that interact with your customer service organization. An open redirection vulnerability exists in the Web management interface of Cisco Finesse 12.61 and...

6.1 CVSS | 5.7 AI score | 0.00232 EPSS
Exploits: 0 | References: 4
CNNVD
added 2021/05/14 12:0 a.m. | 3 views

Google TensorFlow Buffer Error Vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google (USA). A security vulnerability exists in TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which stems from a lack of validation between the parameters of `tf.raw_ops.Conv3DBackprop`. This results in a heap buffer...

7.8 CVSS | 6 AI score | 0.00012 EPSS
Exploits: 1 | References: 3
CNNVD
added 2021/05/06 12:0 a.m. | 2 views

Cisco Unified Communications Manager SQL Injection Vulnerability

Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable, and highly available enterprise IP telephony call processing solution. A SQL injection vulnerability...

8.1 CVSS | 8 AI score | 0.00164 EPSS
Exploits: 0 | References: 4
CNNVD
added 2021/04/29 12:0 a.m. | 3 views

INIM ELECTRONICS SmartLiving System Code Issue Vulnerability

INIM ELECTRONICS SmartLiving System is an application from the Italian company INIM ELECTRONICS. A security vulnerability exists in INIM ELECTRONICS SmartLiving System, which stems from a lack of validation of parameters, and can be exploited by an attacker to specify an...

7.5 CVSS | 7.5 AI score | 0.00744 EPSS
Exploits: 1 | References: 3
Prion
added 2021/04/22 3:15 a.m. | 16 views

Design/Logic Flaw

An issue was discovered in the OAuth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length...

5 CVSS | 7.6 AI score | 0.0021 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2021/04/15 9:15 p.m. | 14 views

Design/Logic Flaw

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perfor...

4 CVSS | 6.4 AI score | 0.00303 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
CVE
added 2021/04/15 9:0 p.m. | 108 views

CVE-2021-29431

Sydent (Matrix identity server) is affected by a SSRF issue caused by missing validation of hostnames, allowing the server to be induced to issue HTTP GETs to internal systems. The impact is described as not enabling data exfiltration or control of request headers, but it may enable internal port...

7.7 CVSS | 6.5 AI score | 0.00303 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
Cvelist
added 2021/04/15 9:0 p.m. | 15 views

CVE-2021-29431 SSRF in Sydent due to missing validation of hostnames

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perfor...

7.7 CVSS | 7.7 AI score | 0.00303 EPSS
Exploits: 0 | References: 7
CNNVD
added 2021/04/07 12:0 a.m. | 4 views

Cisco Webex Meetings Security Vulnerability

Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. An HTML injection vulnerability exists in certain pages of Cisco Webex Meetings. The vulnerability stems from improper checking of parameter values on the affected pages. An attacker could exploit the vulnerability by...

4.7 CVSS | 5.7 AI score | 0.00356 EPSS
Exploits: 0 | References: 3
CNNVD
added 2021/03/24 12:0 a.m. | 1 views

Cisco IOS XE SD-WAN Software Security Vulnerability

Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. An arbitrary file overwrite vulnerability exists in the CLI for SD-WAN for Cisco IOS XE. The vulnerability stems from insufficient validation of parameters for specific CLI...

6.6 CVSS | 6.7 AI score | 0.00055 EPSS
Exploits: 0 | References: 3
CNNVD
added 2021/03/15 12:0 a.m. | 2 views

Xilinx Zynq-7000 Security Features Issue Vulnerability

The Xilinx Zynq-7000 is a chip from Xilinx, Inc. that provides the software programmability of an ARM® architecture processor with the hardware programmability of an FPGA, enabling critical analysis and hardware acceleration while integrating a CPU, DSP,...

6.8 CVSS | 6.7 AI score | 0.00089 EPSS
Exploits: 0 | References: 4
CNNVD
added 2021/03/10 12:0 a.m. | 4 views

Weseek GROWI Cross-Site Scripting Vulnerability

Weseek GROWI is a suite of team collaboration software from Weseek Japan. A reflected cross-site scripting vulnerability exists in GROWI 4.2.0 - 4.2.7. The vulnerability stems from insufficient validation of URL query parameters. An attacker can exploit this vulnerability to execute arbitrary...

6.1 CVSS | 5.6 AI score | 0.00419 EPSS
Exploits: 0 | References: 4
0day.today
added 2021/03/03 12:0 a.m. | 154 views

Doctor Appointment System 1.0 SQL Injection Vulnerability

Exploit Title: Doctor Appointment System 1.0 Blind SQL injection in comment parameter CVE: CVE-2021-27315 Exploit Author: Soham Bakore Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html Software Link:...

9.8 CVSS | 0.3 AI score | 0.37505 EPSS
Exploits: 5
NVD
added 2021/02/22 7:15 a.m. | 11 views

CVE-2020-11204

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrag...

7.8 CVSS | 0.00039 EPSS
Exploits: 0 | References: 1
Cvelist
added 2021/02/22 6:25 a.m. | 15 views

CVE-2020-11204

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrag...

7.8 AI score | 0.00039 EPSS
Exploits: 0 | References: 1