Lucene search

1089 matches found

Prion
added 2017/11/27 3:29 p.m., 16 views

Design/Logic Flaw

A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...

6.8 CVSS, 8.9 AI score, 0.01705 EPSS
Exploits 0, References 2, Affected Software 2
OSV
added 2017/11/27 3:29 p.m., 1 views

CVE-2017-1000207

A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...

8.8 CVSS, 6 AI score, 0.01705 EPSS
Exploits 0, References 2
NVD
added 2017/11/27 3:29 p.m., 26 views

CVE-2017-1000207

A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...

8.8 CVSS, 8.9 AI score, 0.01623 EPSS
Exploits 0, References 2
Cvelist
added 2017/11/27 3:0 p.m., 28 views

CVE-2017-1000207

A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...

8.9 AI score, 0.01705 EPSS
Exploits 0, References 2
Cvelist
added 2017/11/21 5:0 p.m., 23 views

CVE-2017-7550

A flaw was found in the way Ansible 2.3.x before 2.3.3, and 2.4.x before 2.4.1 passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in th...

9.1 AI score, 0.0353 EPSS
Exploits 0, References 3
OSV
added 2017/11/17 2:29 a.m., 5 views

CVE-2017-1000208

A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen <= 2.2.2 and can lead to...

8.8 CVSS, 7.3 AI score, 0.01705 EPSS
Exploits 0, References 2
NVD
added 2017/11/17 2:29 a.m., 31 views

CVE-2017-1000208

A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen <= 2.2.2 and can lead to...

8.8 CVSS, 8.9 AI score, 0.01705 EPSS
Exploits 0, References 2
Prion
added 2017/11/17 2:29 a.m., 17 views

Design/Logic Flaw

A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen <= 2.2.2 and can lead to...

6.8 CVSS, 8.9 AI score, 0.01705 EPSS
Exploits 0, References 2, Affected Software 2
CVE
added 2017/11/17 2:0 a.m., 74 views

CVE-2017-1000208

CVE-2017-1000208 involves Swagger-Parser 1.0.30 and earlier with YAML parsing that enables arbitrary code execution when processing crafted OpenAPI specs. It impacts Swagger Codegen commands generate/validate (

8.8 CVSS, 8.9 AI score, 0.01705 EPSS
Exploits 0, References 2, Affected Software 2
Cvelist
added 2017/11/17 2:0 a.m., 43 views

CVE-2017-1000208

A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen <= 2.2.2 and can lead to...

8.9 AI score, 0.01705 EPSS
Exploits 0, References 2
CNVD
added 2017/10/31 12:0 a.m., 1 views

Foxit Reader Buffer Overflow Vulnerability (CNVD-2017-36065)

Foxit Reader is a PDF document reader from China's Foxit Software Corporation. A buffer overflow vulnerability exists in Foxit Reader version 8.3.2.25013. A remote attacker can exploit this vulnerability with a specially crafted .xps file to cause a denial of service or execute arbitrary code...

7.8 AI score
Exploits 0, References 1
UbuntuCve
added 2017/10/02 12:0 a.m., 24 views

CVE-2017-7822

The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox 56...

5.3 CVSS, 6.8 AI score, 0.01415 EPSS
Exploits 0, References 3
Amazon
added 2017/10/02 12:0 a.m., 107 views

Medium: ruby22, ruby23

Issue Overview: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP. An SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands i...

9.8 CVSS, 9.5 AI score, 0.29442 EPSS
Exploits 9
CNVD
added 2017/09/25 12:0 a.m., 3 views

Artifex MuPDF Denial of Service Vulnerability (CNVD-2017-35028)

Artifex MuPDF is a free, lightweight PDF reader from Artifex Software. A security vulnerability exists in Artifex MuPDF version 1.11. The vulnerability can be exploited by an attacker to cause a denial of service with the help of a specially crafted .xps file...

7.8 CVSS, 6.7 AI score, 0.01324 EPSS
Exploits 1, References 1
OSV
added 2017/09/22 6:29 a.m., 3 views

UBUNTU-CVE-2017-14687

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name...

7.8 CVSS, 7.2 AI score, 0.01324 EPSS
Exploits 1, References 4
OSV
added 2017/09/22 6:29 a.m., 1 views

DEBIAN-CVE-2017-14685

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in...

7.8 CVSS, 7.6 AI score, 0.01324 EPSS
Exploits 1, References 1
OSV
added 2017/09/22 6:29 a.m., 1 views

DEBIAN-CVE-2017-14686

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check...

7.8 CVSS, 7.8 AI score, 0.0186 EPSS
Exploits 1, References 1
CNVD
added 2017/09/22 12:0 a.m., 1 views

rbenv Directory Traversal Vulnerability

rbenv is a versioning tool for Ruby. A directory traversal vulnerability exists in the specification of the Ruby version in rbenv. A remote attacker can exploit this vulnerability to execute code...

9.8 CVSS, 7.2 AI score, 0.0371 EPSS
Exploits 0, References 1
OSV
added 2017/09/18 5:29 p.m., 2 views

CVE-2017-14568

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x000000000297024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025630."...

7.8 CVSS, 6.1 AI score, 0.00373 EPSS
Exploits 0, References 1
GithubExploit
added 2017/09/06 8:32 a.m., 5 views

Exploit for Deserialization of Untrusted Data in Apache Struts

Description Apache Struts RCE tool for CVE 2017-9805 O...

8.1 CVSS, 7.7 AI score, 0.99461 EPSS
Exploits 23