net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
CVE-2023-42803 BigBlueButton Unrestricted File Upload vulnerability
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures...
Bludit Cross-Site Scripting Vulnerability
Bludit CMS is an open-source, lightweight blog content management system. Bludit CMS v3.13.1 contains a cross-site scripting vulnerability that originates from the lack of filtering and validation of user input on the /admin/new-content page. An attacker could use this vulnerability to...
GHSA-6W7G-P4JH-RF92 "Verify All" Returns Success Despite Validation Failures in Singularity
Impact The --all / -a option to singularity verify returns success even when some objects in a SIF container are not signed, or cannot be verified. The SIF objects that are not verified are reported in WARNING log messages, but a Container Verified message and exit code of 0 are returned. Workflo...
Apache XmlGraphics Commons Server-Side Request Forgery Vulnerability
Apache XmlGraphics Commons is an open-source Apache system library that provides several reusable libraries. Apache XmlGraphics Commons 2.4 suffers from a server-side request forgery vulnerability that stems from the failure of XMPParser to properly validate inputs, which can be exploited by an attack...
Linux kernel Resource Management Error Vulnerability
Red Hat Enterprise Linux is a Linux operating system for business users from Red Hat. A resource management error vulnerability exists in Red Hat Enterprise Linux, which arises when a network system or product performs an operation in memory without properly validating data boundaries, resulting ...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service (DoS). The vulnerability exists due to a memory leak in the status argument on validation failures. This is caused by a lack of validation of the list of strings that is passed into dlpack.todlpack...
CVE-2019-15972
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. ...
Vulnerabilities fixed in Jackson databind
Debian has fixed vulnerabilities in Jackson databind. The vulnerabilities allow a malicious party to execute arbitrary code under user privileges and to obtain sensitive data. The vulnerabilities stem from the failure to adequately validate user input prior to the deserialization of an...
Azure DevOps Server and Team Foundation Server Cross-Site Scripting Vulnerability
Azure DevOps Server, formerly known as Team Foundation Server (TFS), is a locally hosted set of collaborative software development tools. Azure DevOps Server integrates with existing IDEs or editors to enable cross-functional teams to effectively handle projects of all sizes. Team Foundation Server i...
[ASA-201811-12] powerdns: denial of service
Arch Linux Security Advisory ASA-201811-12
Severity: Medium
Date: 2018-11-12
CVE-ID: CVE-2018-10851 CVE-2018-14626
Package: powerdns
Type: denial of service
Remote: Yes
Link: https://security.archlinux.org/AVG-804
Summary: The package powerd...
VirtueMart Joomla ECommerce Edition 1.0.11 Multiple Input Validation Vulnerabilities
No description provided by source. Source: http://www.securityfocus.com/bid/20236/info VirtueMart Joomla eCommerce Edition is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to execute...
Valdersoft Shopping Cart 3.0 - Multiple Input Validation Vulnerabilities
No description provided by source. Source: http://www.securityfocus.com/bid/12916/info Multiple input-validation vulnerabilities reportedly affect Valdersoft Shopping Cart. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out...
Authentication flaw
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID...
konversation irc client 0.15 - Multiple Vulnerabilities
Konversation IRC client 0.15 - Multiple Vulnerabilities. Source: https://www.securityfocus.com/bid/12312/info Konversation is a freely available IRC client for KDE window environments on Linux platforms. Multiple remote vulnerabilities affect the Konversation IRC client. These issues are due to...