530 matches found
Tobesoft Xplatform Resource Management Error Vulnerability
Tobesoft Xplatform is a set of Korean Tobesoft application development platform. The platform supports form and composite component inheritance, CSS autosetting, and multi-document interfaces. A resource management error vulnerability exists in Tobesoft Xplatform versions 9.1 through 9.2.2. An...
Tecnick.com TCExam Cross-Site Scripting Vulnerability (CNVD-2020-32375)
Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is mainly used for online exams and more. A cross-site scripting vulnerability exists in Tecnick.com TCExam version 14.2.2, which can be exploited by remote attackers to inject malicious JavaScript code b...
UBUNTU-CVE-2020-12284
cbsjpegsplitfragment in libavcodec/cbsjpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEGMARKERSOS handling because of a missing length check...
CVE-2020-9294
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...
Dell EMC Isilon OneFS Resource Management Error Vulnerability
Dell EMC Isilon OneFS is a horizontally scalable storage system for unstructured data from Dell USA. A resource management error vulnerability exists in Dell EMC Isilon OneFS 8.2.2 and prior versions. An attacker could exploit this vulnerability to cause a denial of service...
Cisco SD-WAN Solution software Privilege Permission and Access Control Issues Vulnerability
Cisco SD-WAN Solution is a set of network extension solutions from Cisco. A privilege-granting and access-control issue vulnerability exists in Cisco SD-WAN Solution software prior to Release 19.2.2, which arises from the program's failure to adequately validate input. A local attacker can exploi...
PT-2020-5160 · Python Imaging Library +1 · Pillow +1
Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 6.2.2 Description: The issue is caused by the FpxImagePlugin.py file calling the range function on an unvalidated 32-bit integer, which can lead to a denial of service DoS if the number of bands is large. On Windows...
Fortinet FortiSIEM Information Disclosure Vulnerability
Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fiat Fortinet. The system includes features such as asset discovery, workflow automation and unified management. An information disclosure vulnerability exists in Fortinet FortiSIEM 5.2.2...
CVE-2019-18672
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...
Magento Input Validation Error Vulnerability (CNVD-2019-44999)
Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. An input validation error vulnerability exists in Magento versions 2.3.1 before 2.3, 2.2.8 before 2.2, and 2.1.17...
PT-2019-7492 · Pippin Williamson · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads EDD versions 1.8.x through 1.8.6 Easy Digital Downloads EDD versions 1.9.x through 1.9.9 Easy Digital Downloads EDD versions 2.0.x through 2.0.4 Easy Digital Downloads EDD versions 2.1.x through 2.1.10 Easy Digital...
CVE-2019-4513
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555...
Magento encryption issue vulnerability (CNVD-2019-40841)
Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. An encryption issue vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9, and...
Arbitrary File Deletion Vulnerability in HYBBS
HYBBS is a MVC-structured program based on HYPHP framework. An arbitrary folder deletion vulnerability exists in HYBBS Community Forum System V2.2.820190701. An attacker can exploit this vulnerability to arbitrarily delete arbitrary files...
Apache Archiva Input Validation Error Vulnerability
Apache Archiva is a suite of software from the Apache USA Software Foundation for managing one or more remote repositories. The software provides features such as remote Repository agents, role-based secure access management, and usage reporting. An input validation error vulnerability exists in...
UBUNTU-CVE-2019-2556
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
SQL Injection Vulnerability in nucms v2.2
NUCMS is a content management system based on PHP+MYSQL technology developed by Liaocheng Leadsun Network Technology Co. NUCMS v2.2 has a SQL injection vulnerability that can be exploited by attackers to obtain database information...
Red Hat oVirt ovirt-engine Information Disclosure Vulnerability
Red Hat oVirt is an open source virtualization management platform from Red Hat, an open source version of RHEV Platform for Enterprise Virtualization, consisting of the oVirt-node client and the overt-engine management side. oVirt-engine is one of the management engines. An information disclosur...
Code Execution Vulnerability in LeShang Mall System v2.2.0
LeShang mall system is a based on THINKPHP5.0 as the core development of a free open source professional mall system. Code execution vulnerability exists in LeShang Mall System v2.2.0. An attacker can exploit the vulnerability to write arbitrary files and gain server privileges...
H2O Buffer Overflow Vulnerability (CNVD-2018-16256)
H2O is a set of open source Web server software . A buffer overflow vulnerability exists in H2O 2.2.4 and earlier versions. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service...