PT-2019-18201 · F5 · F5 Big-Ip
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 12.1.0 through 12.1.4; F5 BIG-IP versions 13.0.0 through 13.1.1.4; F5 BIG-IP versions 14.0.0 through 14.1.0.1. Description: The Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with...
Vulnerability fixed in PostgreSQL
Because of a vulnerability in PostgreSQL, a malicious person with DB-admin privileges can obtain the rights with which the server is running. Exploit code has been released for this vulnerability. Currently, there is no update or patch available. You can mitigate abuse of this...
CVE-2014-5401 Hospira MedNet Code Injection
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versio...
GHSA-QX9M-27WH-7FJG Downloads Resources over HTTP in jvminstall
Affected versions of jvminstall insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-5W4P-H4GM-3W26 Downloads Resources over HTTP in jser-stat
Affected versions of jser-stat insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavio...
GHSA-9GQH-Q4CX-F2H9 ipip downloads Resources over HTTP
Affected versions of ipip insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of...
GHSA-6Q8Q-RVF4-M4PG dalek-browser-chrome Downloads Resources over HTTP
Affected versions of dalek-browser-chrome insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution ...
Downloads Resources over HTTP in native-opencv
Affected versions of native-opencv insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-5PQ8-2Q24-MJ3P Downloads Resources over HTTP in fis-parser-sass-bin
Affected versions of fis-parser-sass-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...
GHSA-XJ62-87PG-VCV3 Regular Expression Denial of Service in jshamcrest
The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept (js): var js = require('jshamcrest'); var emailAddress = new js.JsHamcrest.Matchers.emailAddress(); var genstr = functi...
GHSA-8CC8-8VVX-FHGW jdf-sass downloads Resources over HTTP
Affected versions of jdf-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...
PT-2019-1402 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified); Microsoft SharePoint Enterprise Server (affected versions not specified); Microsoft SharePoint Foundation (affected versions not specified). Description: A remote code execution issue exis...
PT-2019-18337 · Zoneminder +3 · Zoneminder +3
Name of the Vulnerable Software and Affected Versions: ZoneMinder version 1.32.3. Description: An issue exists in the software where Reflected XSS is present in the web/skins/classic/views/plugin.php file via the pl parameter in the /zm/index.php?view=plugin API endpoint. Recommendations: For...
PT-2022-5597 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: GPAC (affected versions not specified). Description: The issue is related to the function svg_parse_preserveaspectratio of the SVG Parser component in the GPAC multimedia platform. It is caused by incorrect clearing or freeing of resources,...
PT-2019-5708 · Python +8 · Python +8
Name of the Vulnerable Software and Affected Versions: Python versions 2.x through 2.7.16; Python versions 3.x before 3.4.10; Python versions 3.5.x before 3.5.7; Python versions 3.6.x before 3.6.9; Python versions 3.7.x before 3.7.3. Description: The issue is related to the incorrect domain validation...
GHSA-HXHM-3VJ9-6CQH apk-parser2 downloads Resources over HTTP
Affected versions of apk-parser2 insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
PT-2018-16290 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub version 0.20.17. Description: A buffer overflow issue exists in the /cameras/XXXX/clips handler of the video-core's HTTP server. The video-core process incorrectly handles user-controlled JSON payloads, leading to a...
GHSA-VCFP-PPQW-MF23 fis-sass-all downloads Resources over HTTP
Affected versions of fis-sass-all insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
OCS Inventory NG Webconsole Shell Upload
Title: Unrestricted File Upload RCE in OCS Inventory NG Webconsole before 2.5. Reserved CVE: CVE-2018-14857. Vulnerability Overview: OCS Inventory NG (OCS Inventory Server) through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions...
GHSA-PMG9-P9R2-6Q87 ReDoS via long UserAgent header in ua-parser
Affected versions of ua-parser are vulnerable to regular expression denial of service when given a specially crafted User-Agent header. Recommendation: No patch is currently available for this vulnerability. The best mitigation is currently to avoid using this package, using a different,...