1382 matches found
CVE-2020-13245
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.61.2.19 through 1.0.11.10010.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P...
DEBIAN-CVE-2020-10724
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read...
CVE-2020-6248
SAP Adaptive Server Enterprise Backup Server, version 16.0, does not perform the necessary validation checks for an authenticated user while executing the DUMP or LOAD commands, allowing arbitrary code execution or Code Injection...
CVE-2020-10907
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
The vulnerability of Google Chrome’s JavaScript script handlers, related to the lack of input validation mechanisms, allows attackers to gain unauthorized access to protected information.
The vulnerability of Google Chrome’s JavaScript script handler is related to the lack of data validation mechanisms. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information through a specially crafted web page...
The vulnerability of Google Chrome’s mechanism for processing external browser protocols lies in the lack of a mechanism for checking entered data. This allows attackers to compromise the integrity of the data.
The vulnerability of Google Chrome’s mechanism for processing external browser protocols is related to the lack of a mechanism for checking entered data. Exploiting this vulnerability allows an attacker to influence the integrity of data by creating a malicious HTML page...
Periscope Holdings BuySpeed Cross-Site Scripting Vulnerability
Periscope Holdings BuySpeed is a procurement process management system from Periscope Holdings, USA. The system includes vendor management, purchasing management, order management and contract management functions. A cross-site scripting vulnerability exists in Periscope Holdings BuySpeed version...
openstack-manila: User with share-network UUID is able to show, create and delete shares
An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks for...
Canon Oce Colorwave 500 cross-site scripting vulnerability (CNVD-2020-18988)
The Canon Oce Colorwave 500 is a printer from Canon Japan. A cross-site scripting vulnerability exists in the 'settingId' parameter of the settingDialogContent.jsp page of the web application in Canon Oce Colorwave 500 version 4.0.0.0. The vulnerability stems from a lack of proper validation of...
Giting Command Execution Vulnerability
Giting is a Git version control system server. A security vulnerability exists in Giting versions prior to 0.0.8, which is caused by the program executing the 'repo' parameter of the 'pull' function without performing any validation. The vulnerability can be exploited to execute arbitrary...
CVE-2020-8132
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input...
Dojox Cross-Site Scripting Vulnerability
DojoX is a collection of extension modules built on top of the Dojo toolkit. A cross-site scripting vulnerability exists in dojox. The vulnerability stems from the web application lacking proper validation of client-side data. An attacker can exploit this vulnerability to execute client-side code...
Simplejobscript.com SJS SQL Injection Vulnerability
Simplejobscript.com SJS is a web-based recruitment application service program. A SQL injection vulnerability exists in Simplejobscript.com SJS, which stems from a lack of validation of externally entered SQL statements in database-based applications and can be exploited by an attacker to execute...
CVE-2019-11554
The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service...
SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c
A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy function, which was called while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image in the SDL_LoadBMP_RW function. An application that uses SDL to parse untrusted input files...
Xoops Cross-Site Scripting Vulnerability (CNVD-2019-42843)
Xoops is an open source PHP and MySQL based content management system from the Xoops team. The system can be used to create online communities. Xoops suffers from a cross-site scripting vulnerability. The vulnerability stems from a lack of proper validation of client-side data by the web...
The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of measures to sanitize input data, allowing an intruder to execute arbitrary code.
The vulnerability of Advantech WebAccess remote monitoring software lies in the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary code...
The vulnerability of D-Link DIR-823G router’s firmware lies in the lack of measures to sanitize incoming data in the SetStaticRouteSettings field. This allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of D-Link DIR-823G router’s firmware is related to the lack of measures for sanitizing incoming data in the SetStaticRouteSettings field. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of the...
DEBIAN-CVE-2018-21029
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname...
CVE-2019-17142
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...