54 matches found
CVE-2023-20102 Cisco Secure Network Analytics Remote Code Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to insufficient sanitization of user-provided data that is parsed into syst...
CVE-2022-45143
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...
Design/Logic Flaw
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...
CVE-2022-45143
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...
CVE-2022-45143 Apache Tomcat: JsonErrorReportValve escaping
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...
Fixed in Apache Tomcat 10.1.2
Low: Apache Tomcat JsonErrorReportValve injection CVE-2022-45143 The JsonErrorReportValve did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...
Fortinet FortiNAC SQL Injection Vulnerability
Fortinet FortiNAC is a network access control solution from Fortinet, Inc. Fortinet FortiNAC versions 8.3.7 through 9.2.2 are vulnerable to SQL injection, a vulnerability that originates when user-provided data is not sufficiently cleaned and can be exploited to send ad-hoc requests to affected...
Sql injection
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The funcodbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. Th...
Denial of service
The use of String.toatom/1 in PowAssent is susceptible to denial of service attacks. In PowAssent.Phoenix.AuthorizationController a value is fetched from the user provided params, and String.toatom/1 is used to convert the binary value to an atom so it can be used to fetch the provider...
GHSA-5653-437F-5HMC Denial of service
The use of String.toatom/1 in PowAssent is susceptible to denial of service attacks. In PowAssent.Phoenix.AuthorizationController a value is fetched from the user provided params, and String.toatom/1 is used to convert the binary value to an atom so it can be used to fetch the provider...
[SECURITY] Fedora 36 Update: librttopo-1.1.0-8.fc36
The RT Topology Library exposes an API to create and manage standard ISO 13249 aka SQL/MM topologies using user-provided data stores...
GHSA-29GP-2C3M-3J6M Sandbox Escape by math function in smarty
Impact Template authors could run arbitrary PHP code by crafting a malicious math string. If a math string is passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Patches Please upgrade to 4.0.2 or 3.1.42 or...
Remote Code Execution (RCE)
aaptjs is vulnerable to remote code execution. The vulnerability exists because of lack of sanitization of user-provided data in the add function, allowing an attacker to provide malicious code via its filePath parameter...
Arbitrary File Extraction
elfinder.netcore is vulnerable to arbitrary file extraction. Lack of secure validation of user-provided data to the ExtractAsync method allows attacker to extract arbitrary files...
Path Traversal
elfinder.netcore is vulnerable to path traversal. Lack of sanitization of user-provided data to the Path.Combine... method allows attacker to input malicious characters to access files and directories outside the destination folder...
CVE-2020-11306
Possible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...
Integer overflow
Possible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...
CVE-2020-5905
In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network WCCP page, the system does not sanitize all user-provided data before display...
Remote Code Execution (RCE)
access-policy is vulnerable to remote code execution RCE. The attack is possible because user-provided data is directly executed by the eval in the template function without validation...
Crosss-Site Scripting (XSS)
wordpress is vulnerable to cross-site scripting XSS. The stats method of class-wp-object-cache.php does not sanitize the user-provided data, allowing an attacker to inject malicious script to be executed when a user loads the page...