1381 matches found
The vulnerability of the mpatch_apply function in the Mercurial version control software allows an attacker to compromise data integrity.
The vulnerability of the mpatch_apply function in the Mercurial version control tool is related to the lack of a mechanism for checking input data. Exploiting this vulnerability allows an attacker to compromise the integrity of data...
The vulnerability of the libseccomp-golang software, related to the lack of input validation mechanisms, allows attackers to compromise data integrity.
The vulnerability of the libseccomp-golang software is related to the lack of a mechanism for checking input data. Exploiting this vulnerability allows an attacker operating remotely to compromise the integrity of data...
The vulnerability of the `resetAccumulator` function in the `src/select.c` file of the SQLite database management system allows a hacker to cause a service failure.
The vulnerability of the resetAccumulator function in the src/select.c file of the SQLite database management system is related to a lack of mechanisms for checking input data. Exploiting this vulnerability allows an attacker who operates remotely to cause service failures...
GHSA-F4HQ-453J-P95F Open redirect in Slashify
The package is an Express middleware that normalises routes by stripping any final slash, redirecting, for example, bookings/latest/ to bookings/latest. However, it does not validate the path it redirects to in any way. In particular, if the path starts with two slashes or two backslashes, or a...
CVE-2020-24683
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, i...
wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in Wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Buffer Error Vulnerability in Multiple Qualcomm Products
The Qualcomm Component is a component from Qualcomm Incorporated (USA), an intrinsic part that provides the functionality of Qualcomm devices. A security vulnerability exists in multiple Qualcomm products that stems from a lack of input validation checks on values received from the user side, resulti...
Google Android Buffer Error Vulnerability
Google Android is a Linux-based open source operating system from Google Inc. in the United States. Google Android Pixel suffers from a buffer error vulnerability that originates when a networked system or product performs an operation in memory without properly validating data boundaries,...
PDFResurrect Buffer Error Vulnerability
PDFResurrect is a tool for analyzing PDF documents to help extract old "hidden" versions of a PDF from the current PDF. pdfgetversion in versions prior to PDFResurrect 0.20 has a heap buffer overflow vulnerability. The vulnerability stems from a lack of header validation checks in PDFResurrect. N...
CVE-2020-11496
Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access ...
CVE-2020-17410
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit PhantomPDF Remote Code Execution Vulnerability (CNVD-2020-62457)
PhantomPDF is PDF document processing software for enterprise-level users from the Chinese company Foxit. A remote code execution vulnerability exists in the parsing of GIF files in Foxit PhantomPDF 10.0.1.35811 and earlier versions. The vulnerability stems from a failure to validate the...
PYSEC-2020-124
In Tensorflow before version 2.3.1, the RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the splits tensor generate a valid partitioning of the values tensor. Hence, the code is...
CVE-2020-15196
In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights a...
CVE-2020-24948
The aoccssimport AJAX call in Autoptimize WordPress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution...
8x8: 2FA Disable With Wrong Password - Response Tampering.
The application contained a business logic flaw that resulted in missing validation when removing 2FA on the authenticated account...
keycloak: missing input validation in IDP authorization URLs
A flaw was found in Keycloak, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious user to craft deep links that introduce further attack scenarios on affected clients...
CVE-2020-13245
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.61.2.19 through 1.0.11.10010.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P...