PT-2021-21895 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.0 and earlier. Description: The issue arises from insufficient validation of parameters during post creation, allowing authenticated attackers to cause a client-side crash of the web application via a maliciously crafted...
libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system...
PT-2021-4589
Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.9.11. Description: The issue is related to the libxml2 library's parser component, which fails to propagate errors when parsing XML content. This can be exploited by a remote attacker using a specially crafted XML...
CVE-2021-1085
NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager vGPU plugin, where there is the potential to write to a shared memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges and information...
Cisco Web Security Appliance AsyncOS Denial of Service Vulnerability
Cisco Web Security Appliance (WSA) is a set of web security appliances from the U.S. company Cisco. The appliance provides SaaS-based access control, real-time network reporting and tracking, security policy development, and more. Cisco AsyncOS is a set of operating systems running on it. A...
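phpMyAdmin '$_SESSION' Array Unauthorized Access Vulnerability
Bugtraq ID: 48480 phpMyAdmin is a PHP-based MySQL administration program. phpMyAdmin has multiple security vulnerabilities: 1. Arbitrary variables in the superglobal $SESSION array can be overwritten or created with arbitrary values. 2. A misconfiguration in phpMyAdmin allows the contents of the $SESSION array to be written to a .php file; combined with vulnerability 1, this may allow arbitrary code execution. 3. Contents of the $SESSION array are, post-validation, used as input to a function that can execute PHP code. phpMyAdmin 3.4.0 Vendor solution: No detailed solution is currently provided: http://www.phpmyadmin.net/...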