626 matches found
The vulnerabilities of Microsoft Office packages, Microsoft 365 Apps for Enterprise, Microsoft SharePoint, Microsoft Excel, and Microsoft Office Web Apps Server are due to insufficient validation of input data. This allows attackers to execute arbitrary code.
The vulnerability of Microsoft Office packages, Microsoft 365 Apps for Enterprise, Microsoft SharePoint, Microsoft Excel, and Microsoft Office Web Apps Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to execute arbitrary code...
The vulnerability of the SimpleEvaluationContext class in the Spring Data Commons data management platform and the Spring Data REST framework for creating web services allows a attacker to execute arbitrary code.
The vulnerability of the SimpleEvaluationContext class in the Spring Data Commons data management platform and the Spring Data REST web framework is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending specially...
Cisco Identity Services Engine 跨站脚本漏洞
Cisco Identity Services Engine ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users, and devices, and develops and enforces policies to monitor the network. A cross-site scripting vulnerability exists in...
CVE-2022-3661
Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. Chromium security severity: Low...
Vulnerability of the Shell component: The Core Client for command-line and code editor, Oracle MySQL Shell, allows an attacker to gain access to read, modify, add, or delete data.
The vulnerability of the Shell component: The Core Client for command-line input and the Oracle MySQL Shell code editor have vulnerabilities due to insufficient validation of input data. Exploiting these vulnerabilities can allow attackers to gain read, modify, add, or delete data permissions...
Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component of the database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
PT-2022-5281 · Oracle +7 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.30 and prior Description: The issue is related to insufficient input validation in the Server: Optimizer component of the MySQL Server product. This allows an attacker with network access via multiple protocols to...
Nepxion 安全漏洞
Nepxion Discovery is an enhanced middleware for service registration discovery for Spring Cloud. Nepxion Discovery 6.16.2 and earlier versions are vulnerable to a remote code execution vulnerability that stems from a lack of validation of input data in Discovery-commons and is susceptible to SpEL...
The vulnerability of the disaster recovery tool for Azure virtual machines – Azure Site Recovery and VMWare to Azure – arises due to insufficient validation of input data. This vulnerability allows attackers to trigger service failures.
The vulnerability of the disaster recovery tool for Azure virtual machines exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the RPKI validator OctoRPKI, related to insufficient validation of input data, allows a violator to trigger a service failure.
The vulnerability of the RPKI validator OctoRPKI is related to the use of a zero value during the generation of Route Origin Authorisations. Exploiting this vulnerability could allow a malicious actor to cause a service failure...
MediaWiki 资源管理错误漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A resource management error vulnerability exists in MediaWiki version 1.38.2, which stems from th...
The vulnerability of the eBPF subsystem in the Linux operating system allows a hacker to cause a service failure, an application to terminate abnormally, or execute arbitrary code.
The vulnerability of the eBPF subsystem in the Linux operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures, unexpected termination of applications, or execute arbitrary code...
The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat, and Adobe Acrobat Reader lies in insufficient validation of input data, allowing attackers to gain unauthorized access to protected information.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat, and Adobe Acrobat Reader are related to insufficient validation of input data. Exploiting these vulnerabilities can allow attackers to gain unauthorize...
The vulnerability of the XML Publisher component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain unauthorized access to protected information.
The vulnerability of the XML Publisher component in the Oracle PeopleSoft Enterprise PeopleTools business application suite exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...
USN-5547-1 nvidia-graphics-drivers-390, nvidia-graphics-drivers-450-server, nvidia-graphics-drivers-470, nvidia-graphics-drivers-470-server, nvidia-graphics-drivers-510, nvidia-graphics-drivers-510-server, nvidia-graphics-drivers-515, nvidia-graphics-drivers-515-server vulnerabilities
Le Wu discovered that the NVIDIA graphics drivers did not properly perform input validation in some situations. A local user could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-31607 Tal Lossos discovered that the NVIDIA graphics drivers incorrectly handled...
CVE-2022-20890
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
CVE-2022-20879
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
CVE-2022-20906
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...
CVE-2022-20893
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to insufficient validation of input data, allows attackers to execute arbitrary code or cause service failures.
The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause service failures...