1269 matches found
GSD-2021-1002688 mac80211: validate extended element ID is present
mac80211: validate extended element ID is present. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.88 by commit...
Bentley View JT File Parsing Stack Buffer Overflow Remote Code Execution Vulnerability
Bentley View is a free viewer from Bentley Systems, Inc. The Bentley View JT file parsing stack buffer overflow remote code execution vulnerability is due to a failure to properly validate the length of user-supplied data before copying it to the stack buffer. An attacker could exploit this vulnerabili...
GSD-2021-1002230 usb: host: ohci-tmio: check return value after calling platform_get_resource()
usb: host: ohci-tmio: check return value after calling platform_get_resource(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.291 by commit...
OSV-2021-1592 Heap-buffer-overflow in arrow::internal::ValidateArrayImpl::Visit
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41143 Crash type: Heap-buffer-overflow READ 4 Crash state: arrow::internal::ValidateArrayImpl::Visit arrow::internal::ValidateArrayImpl::ValidateWithType arrow::internal::ValidateArrayImpl::Validate...
CVE-2021-26326
CVE-2021-26326 describes a failure to validate VM_HSAVE_PA during SNP_INIT that can compromise memory integrity on AMD platforms. Public details in connected sources indicate the vulnerability affects AMD 3rd Gen EPYC processors (Milan) per the AMD Server Vulnerabilities bulletin AMD-SB-1021, wit...
Backup and Restore <= 1.0.3 - Admin+ Arbitrary File Deletion
The plugin does not sanitise and validate the foldername parameter when deleting a report, which could allow high privilege users to delete arbitrary files on the web server, including those outside of the WordPress folder. PoC: POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language:...
CVE-2021-39121
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from...
ZOHO ManageEngine Log360 Cross-Site Scripting Vulnerability
ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. A cross-site scripting vulnerability exists in ZOHO ManageEngine Log360, which stems from the product's failure to validate user data. An attacker could execute client-side...
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description: Stored XSS bug using an XSS payload in the Ideas area when adding a comment in the discussion area. 🕵️‍♂️ Proof of Concept: Go to http://localhost/ideas/showBoards and click on add an idea and copy paste the following XSS payload in the discussion field javascript " Click on safe and see...
PYSEC-2021-768
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.raw_ops.MatrixDiagV*. The implementation has incomplete validation that the value of k is a valid...
Foxit Reader and Foxit PhantomPDF Arbitrary File Write Vulnerability
Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. An arbitrary file write vulnerability exists in Foxit Reader versions prior to 10.1.4 and PhantomPDF versions prior to 10.1.4, which stems from a failure to validate the CombineFiles pathname and can be...
UVI-2021-1001470 net: validate lwtstate->data before returning from skb_tunnel_info()
net: validate lwtstate->data before returning from skb_tunnel_info(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.277 by commit...
GSD-2021-1001470 net: validate lwtstate->data before returning from skb_tunnel_info()
net: validate lwtstate->data before returning from skb_tunnel_info(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.277 by commit...
GSD-2021-1001439 net: validate lwtstate->data before returning from skb_tunnel_info()
net: validate lwtstate->data before returning from skb_tunnel_info(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.277 by commit...
GSD-2021-1001407 net: validate lwtstate->data before returning from skb_tunnel_info()
net: validate lwtstate->data before returning from skb_tunnel_info(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.241 by commit...
UVI-2021-1001320 net: validate lwtstate->data before returning from skb_tunnel_info()
net: validate lwtstate->data before returning from skb_tunnel_info(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.135 by commit...
UVI-2021-1001258 net: validate lwtstate->data before returning from skb_tunnel_info()
net: validate lwtstate->data before returning from skb_tunnel_info(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.53 by commit...
UVI-2021-1001234 bus: mhi: core: Validate channel ID when processing command completions
bus: mhi: core: Validate channel ID when processing command completions. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.54 by commit...
GSD-2021-1001234 bus: mhi: core: Validate channel ID when processing command completions
bus: mhi: core: Validate channel ID when processing command completions. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.54 by commit...
CVE-2021-32796 Misinterpretation of malicious XML input in xmldom
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...