1887 matches found
cxf: reflected XSS in the services listing page
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject JavaScript into the web page. Please note that the attack exploit...
CVE-2020-11622
A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368., 4.21.4-FCRFX., 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1...
CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...
DEBIAN-CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...
Open redirect
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...
UBUNTU-CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...
CVE-2020-12695 "CallStranger"
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. Recent assessments: kevthehermit at June 0...
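The CallStranger entries above describe the missing check: a device accepted a SUBSCRIBE whose CALLBACK delivery URL pointed at a host outside the network segment of its own event-subscription URL, turning the device into a blind SSRF and exfiltration relay. The following added example (not code from the UPnP specification, the OCF or any device vendor) parses a constructed SUBSCRIBE request and enforces the post-2020-04-17 rule. It assumes the device's segment is the /24 containing the subscription URL's host (the prefix is a parameter) and, as an additional assumption, rejects hostname callbacks outright so that DNS cannot resolve off-segment later.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample SUBSCRIBE request, not a real capture. One callback is on
# the device's segment, one is an off-segment IP literal, one is a hostname.
SUBSCRIBE_REQUEST = (
    "SUBSCRIBE /upnp/event/WANIPConn1 HTTP/1.1\r\n"
    "HOST: 192.168.1.20:49152\r\n"
    "CALLBACK: <http://192.168.1.55:8000/notify>"
    "<http://203.0.113.9:80/exfil><http://evil.example/x>\r\n"
    "NT: upnp:event\r\n"
    "TIMEOUT: Second-1800\r\n"
    "\r\n"
)
# The fully qualified eventSubURL the device advertised in its description XML.
EVENT_SUB_URL = "http://192.168.1.20:49152/upnp/event/WANIPConn1"

CALLBACK_RE = re.compile(r"<([^>]+)>")  # CALLBACK is a list of <url><url>...


def parse_callback_header(request_text):
    """Return every delivery URL listed in the CALLBACK header (empty if absent)."""
    for line in request_text.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep and name.strip().upper() == "CALLBACK":
            return CALLBACK_RE.findall(value)
    return []


def is_same_segment(callback_url, device_network):
    """True only for an http URL whose host is an IP literal inside device_network."""
    parts = urlsplit(callback_url)
    if parts.scheme != "http" or parts.hostname is None:
        return False
    try:
        host = ipaddress.ip_address(parts.hostname)
    except ValueError:
        # Hostname, not an IP literal: refuse rather than resolve it (assumption).
        return False
    # Mixed IPv4/IPv6 comparisons are False, so a v6 callback on a v4 device fails.
    return host in device_network


def filter_subscribe(request_text, event_sub_url, prefixlen):
    """Split the request's callback URLs into (accepted, rejected) lists.

    prefixlen is an assumption standing in for the device's real interface mask.
    """
    device_ip = ipaddress.ip_address(urlsplit(event_sub_url).hostname)
    network = ipaddress.ip_network(f"{device_ip}/{prefixlen}", strict=False)
    accepted, rejected = [], []
    for url in parse_callback_header(request_text):
        (accepted if is_same_segment(url, network) else rejected).append(url)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = filter_subscribe(SUBSCRIBE_REQUEST, EVENT_SUB_URL, 24)
    print("accepted:", ok)
    print("rejected:", bad)
```

A device that applies this filter should answer the SUBSCRIBE with an error when any callback is rejected, rather than silently dropping the bad URLs, so a control point learns why no NOTIFY arrives.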
CVE-2019-20805
p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment...
DEBIAN-CVE-2019-20805
p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment...
Integer overflow
p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment...
UBUNTU-CVE-2019-20805
p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment...
CVE-2019-20805
The CVE-2019-20805 issue affects UPX (PackLinuxElf32/64 in p_lx_elf.cpp) prior to 3.96 and is caused by an integer overflow during unpacking of a crafted PT_DYNAMIC segment. Public documents describe a heap/string vulnerability surface through crafted input impacting UPX's ELF packing logic, with the CVSS metric...
PT-2020-10775 · Upx Team +1 · Upx +1
Name of the Vulnerable Software and Affected Versions: UPX versions prior to 3.96 Description: The issue arises from an integer overflow in the p_lx_elf.cpp file during the unpacking process, specifically when encountering crafted values in a PT_DYNAMIC segment. Recommendations: For versions prio...
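The CVE-2019-20805 entries above give only the bug class: an integer overflow while handling a crafted PT_DYNAMIC segment during unpacking. The following added example is not UPX's code and does not reproduce its unpacker; it illustrates the class on a constructed minimal ELF64 image. It builds a program header table in which p_offset + p_filesz wraps past 2^64, then contrasts a naive end-of-segment check (which the wrapped sum slips past, as it would in C) with a wrap-aware one. The 64-bit wraparound is emulated with a mask because Python integers do not overflow; the header layouts are the standard Elf64_Ehdr, Elf64_Phdr and Elf64_Dyn.

```python
import struct

# Standard ELF64 little-endian layouts.
ELF64_EHDR = "<16sHHIQQQIHHHHHH"  # e_ident ... e_phoff(5) ... e_phentsize(9) e_phnum(10) ...
ELF64_PHDR = "<IIQQQQQQ"          # p_type p_flags p_offset p_vaddr p_paddr p_filesz p_memsz p_align
ELF64_DYN = "<qQ"                 # d_tag d_val
PT_DYNAMIC = 2
DT_NULL, DT_NEEDED = 0, 1
U64 = (1 << 64) - 1               # mask that emulates uint64_t arithmetic


def build_elf64(p_offset, p_filesz, dyn_bytes):
    """Constructed test image: one PT_DYNAMIC phdr, dynamic entries at p_offset."""
    ehsize, phsize = struct.calcsize(ELF64_EHDR), struct.calcsize(ELF64_PHDR)
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELFCLASS64, LSB, version 1
    ehdr = struct.pack(ELF64_EHDR, e_ident, 2, 62, 1, 0, ehsize, 0, 0,
                       ehsize, phsize, 1, 0, 0, 0)
    phdr = struct.pack(ELF64_PHDR, PT_DYNAMIC, 6, p_offset, 0, 0, p_filesz, p_filesz, 8)
    body = ehdr + phdr
    body += bytes(max(0, p_offset - len(body)))              # pad only for sane offsets
    return body + dyn_bytes


def dynamic_phdr(data):
    """Return (p_offset, p_filesz) of the PT_DYNAMIC program header."""
    ehdr = struct.unpack_from(ELF64_EHDR, data, 0)
    e_phoff, e_phentsize, e_phnum = ehdr[5], ehdr[9], ehdr[10]
    if e_phentsize != struct.calcsize(ELF64_PHDR):
        raise ValueError("unexpected e_phentsize")
    if e_phoff + e_phnum * e_phentsize > len(data):           # Python ints cannot wrap here
        raise ValueError("program header table outside file")
    for i in range(e_phnum):
        ph = struct.unpack_from(ELF64_PHDR, data, e_phoff + i * e_phentsize)
        if ph[0] == PT_DYNAMIC:
            return ph[2], ph[5]
    raise ValueError("no PT_DYNAMIC")


def naive_check(data):
    """The bug class: end = p_offset + p_filesz computed in uint64 and compared to size."""
    p_offset, p_filesz = dynamic_phdr(data)
    end = (p_offset + p_filesz) & U64
    return end <= len(data)          # a wrapped end looks small and passes


def dynamic_range(data):
    """Wrap-aware version: reject if the sum wrapped, overran the file, or is misaligned."""
    p_offset, p_filesz = dynamic_phdr(data)
    end = (p_offset + p_filesz) & U64
    if end < p_offset or end > len(data) or p_filesz % struct.calcsize(ELF64_DYN):
        raise ValueError("PT_DYNAMIC segment bounds invalid")
    return p_offset, p_filesz


def dynamic_entries(data):
    """Walk the validated dynamic section and return its (d_tag, d_val) pairs."""
    off, size = dynamic_range(data)
    return [struct.unpack_from(ELF64_DYN, data, off + k)
            for k in range(0, size, struct.calcsize(ELF64_DYN))]


DYN = struct.pack(ELF64_DYN, DT_NEEDED, 0x10) + struct.pack(ELF64_DYN, DT_NULL, 0)
HEADERS = struct.calcsize(ELF64_EHDR) + struct.calcsize(ELF64_PHDR)  # 120
GOOD = build_elf64(HEADERS, len(DYN), DYN)
# Crafted: p_filesz chosen so p_offset + p_filesz wraps to 8 in 64-bit arithmetic.
CRAFTED = build_elf64(HEADERS, (1 << 64) - HEADERS + 8, DYN)

if __name__ == "__main__":
    print("good   naive:", naive_check(GOOD), "entries:", dynamic_entries(GOOD))
    print("crafted naive:", naive_check(CRAFTED))
    try:
        dynamic_entries(CRAFTED)
    except ValueError as exc:
        print("crafted wrap-aware:", exc)
```

The same pattern (check `end < start` before `end > size`, or compare `size - start` against the length instead of adding) applies to every offset/length pair read from an untrusted container, not only to PT_DYNAMIC.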
Oracle Application Testing Suite (Apr 2020 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by a Server-Side Request Forgery (SSRF) vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Core (Apache Axis)). The supported versions which are...
Denial Of Service (DoS)
KVM is vulnerable to denial of service. A flaw was found in the way QEMU-KVM handled erroneous data provided by the Linux virtio-net driver, used by guest operating systems. Due to a deficiency in the TSO (TCP segment offloading) implementation, a guest's virtio-net driver would transmit improper...
ZSQL: IP Address Blacklist
The IP address blacklist is configured by setting the TCP_EXCLUDED_NODES parameter. After IP address whitelist/blacklist checking is enabled and the IP address blacklist is configured, the blacklisted clients cannot access the database. Such a blacklist allows for IPv4 and IPv6 addresses, as well a...