293 matches found
Input validation
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution...
CVE-2023-5058
Phoenix SecureCore Technology 4 is affected by an improper input validation issue in the processing of user-supplied splash screens during system boot, which could allow denial-of-service or arbitrary code execution. Affected product: Phoenix SecureCore Technology 4 firmware. Root cause: improper...
PT-2023-7436 · Phoenix · Phoenix Securecore Technology
Name of the Vulnerable Software and Affected Versions: Phoenix SecureCore Technology version 4 Description: The issue is related to improper input validation in the processing of user-supplied splash screens during system boot. This could potentially allow an attacker to cause a denial-of-service...
CVE-2023-38324
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...
DEBIAN-CVE-2023-38324
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...
CVE-2023-38324
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...
Input validation
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS...
CVE-2023-38324
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...
UBUNTU-CVE-2023-38324
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...
CVE-2023-42471
The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web conte...
How to add QR Code to the NetScaler Gateway Login page .
How to add QR file to the NetScaler Splash Screen...
CVE-2023-29459
The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary...
PT-2023-22267 · Red Bull · Laola.Redbull
Name of the Vulnerable Software and Affected Versions: laola.redbull application through 5.1.9-R for Android Description: The laola.redbull application exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI...
[SECURITY] Fedora 37 Update: plymouth-kcm-5.27.1-1.fc37
This is a System Settings configuration module for configuring the plymouth splash screen...
SUSE CVE-2006-0301
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as 1 poppler, 2 kdegraphics, 3 gpdf, 4 pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed...
SUSE CVE-2008-5358
Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll...
SUSE CVE-2009-3604
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted P...
SUSE CVE-2009-3605
Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PDF file, related to 1 glib/poppler-page.cc; 2 ArthurOutputDev.cc, 3 CairoOutputDev.cc, 4 GfxState.cc, 5 JBIG2Stream.cc, ...
SUSE CVE-2013-1789
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service NULL pointer dereference and crash via vectors related to the 1 Splash::arbitraryTransformMask, 2 Splash::blitMask, and 3 Splash::scaleMaskYuXu functions...
SUSE CVE-2016-4323
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image...