Unspecified vulnerability in slp-validate
slp-validate is a lightweight SLP (Simple Ledger Protocol) validator with features such as pre-broadcast validation and burn protection. slpjs is a JavaScript library for validating and building Simple Ledger Protocol (SLP). A security vulnerability exists in versions of slp-validate prior to 1.2.1,...
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4345-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4345-1 advisory. Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondar...
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting')
Impact: Cross Site Scripting, Cache Poisoning, Page Hijacking. Patches: This was fixed in version 2.2.1. Workarounds: If you are unable to update, ensure that user supplied data isn't able to flow to HTTP headers. If it does, pre-sanitize for CRLF characters. References: CWE-113: Improper...
ZSQL: Check for users with GRANT ANY PRIVILEGE permission
Searches for users with GRANT ANY PRIVILEGE permission and checks whether they are authorized to have it. Users with this permission can grant any permission to any user. Therefore, grant this permission only when absolutely necessary. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptio...
Cumulative Update 10 for Microsoft Dynamics 365 Business Central April'19 on-premises (Application Build 14.11.41204, Platform Build 14.0.41143)
UBUNTU-CVE-2014-4967
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a...
CVE-2014-4967
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a...
Information Disclosure
schema-inspector is vulnerable to information disclosure. The vulnerability exists because the sanitize and validate functions can be bypassed, causing the object's prototype properties to be enumerable...
CVE-2019-10781
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...
CVE-2019-10781
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...
Code injection
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...
CVE-2019-10781
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...
CVE-2019-10781
Schema-inspector (JS package) is affected by CVE-2019-10781 through versions before 1.6.9. A specially crafted JavaScript object can bypass sanitize() and validate(), enabling information exposure and potential property tampering. The root cause is the bypass of input sanitisation/validation with...
UBUNTU-CVE-2019-20388
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak...
Heap overflow
Potential use-after-free heap error during Validate/Present calls on display HW composer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909...
CVE-2019-10602
CVE-2019-10602 affects Qualcomm display components (display HW composer) on Snapdragon platforms (APQ8053, APQ8096AU/APQ8098, MDM9…/MSM89xx, SDM845, SM8150, etc.). Description: potential use-after-free heap error during Validate/Present calls in the display HW composer, leading to local impact wi...
CVE-2019-19032
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload...
XXE
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload...
CVE-2019-19032
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload...
CVE-2019-19032
XMLBlueprint XML Editor version 16.191112 and earlier is affected by XML External Entity (XXE) Injection (CVE-2019-19032). A crafted XML payload can trigger the XML Validate function to read arbitrary files, enabling Arbitrary File Read during validation. The vulnerability is linked to the XML Ex...