Wednesday, April 26, 2023

Corel Pdf Fusion version : Security vulnerabilities

Looking for:

- Corel Pdf Fusion : List of security vulnerabilities 

Detected Vulnerabilities and Situations in sgpkg-ips

- Lotus Notes MIF attachment viewer buffer overflow.
- Lotus Notes WPD attachment viewer buffer overflow.
- Adobe PageMaker key strings buffer overflow.
- Lotus Notes Lotus file viewer buffer overflow.
- Novell Client 4.
- Winamp Ultravox streaming metadata artist tag buffer overflow.
- Microsoft Excel rtAFDesc record invalid pointer access.
- Microsoft Works File Converter index table vulnerability.
- Microsoft Works File Converter field length buffer overflow.
- Microsoft Excel conditional formatting vulnerability.
- Microsoft Office Drawing Shapes memory corruption vulnerability.
- Visual FoxPro vfp6r.
- Veritas Storage Foundation Administrator service buffer overflow.
- Novell Client nwspool.
- Informix Dynamic Server sqlexec password argument buffer overflow.
- Microsoft Works WkImgSrv.
- Borland InterBase ibserver.
- Lotus Expeditor cai URI handler command injection.
- Internet Explorer print preview argument validation vulnerability.
- Novell iPrint Client nipplib.
- Microsoft Access Snapshot Viewer file download vulnerability.
- Novell iPrint Client ienipp.
- Adobe Acrobat util.
- Windows Media Encoder 9 wmex.
- RealPlayer rjbdll.
- CoolPlayer m3u playlist processing filename buffer overflow.
- WebEx Meeting Manager atucfobj.
- Oracle Secure Backup login.
- Microsoft Excel formula parsing integer overflow.
- Windows SMB credential reflection vulnerability.
- Alt-N SecurityGateway username buffer overflow.
- Windows Server Service buffer overflow.
- MS Internet Explorer embed tag src extension buffer overflow.
- Windows search-ms protocol handler command execution vulnerability.
- Tivoli Storage Manager Client dsmagent.
- Adobe Flash Player ActionScript launch command execution.
- Free Download Manager torrent file parsing buffer overflow.
- Orbit Downloader Connecting log message buffer overflow.
- Microsoft WordPad Word97 text converter buffer overflow.
- Internet Explorer WinINet credential reflection vulnerability.
- Microsoft PowerPoint invalid object reference vulnerability.
- MS Office Word malformed Sprm record buffer overflow.
- Visual Studio Active Template Library uninitialized object.
- Adobe Acrobat JavaScript getIcon method buffer overflow.
- Spreadsheet Evaluate method vulnerability.
- Unisys Business Information Server mnet.
- Novell GroupWise Internet Agent e-mail address buffer overflow.
- Windows Telnet credential reflection.
- Safari WebKit floating point number buffer overflow.
- Nagios statuswml.
- Visual Studio Active Template Library object type mismatch vulnerability.
- Spreadsheet BorderAround vulnerability.
- Informix Dynamic Server librpc.
- HP Operations Manager hidden Tomcat account.
- Java Runtime Environment HsbParser.
- Adobe Reader media.
- Internet Explorer Eventparam use-after-free vulnerability.
- Windows Media Unicast Service transport information packet buffer overflow.
- Microsoft Publisher File Conversion Textbox buffer overflow.
- Internet Explorer iepeers.
- Sun Java Web Start command-line argument injection.
- Oracle Secure Backup Administration selector parameter command injection.
- Oracle Secure Backup Administration preauth variable command injection.
- Adobe Reader authplay.
- Novell iPrint Client ActiveX control call-back-url buffer overflow.
- Novell iManager EnteredClassName buffer overflow.

An attacker could then be able to sniff the network and capture sensitive information.

The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks. An attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account.

The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames. The web application returns an AuthToken that does not expire at the defined auto logoff delay timeout.

An attacker could be able to capture this token and re-use old session credentials or session IDs for authorization. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users.

The web application fails to enforce an upper bound on the cost factor of the PBKDF2 derived key during the creation or update of an account. An attacker with the user profile access privilege could cause a denial of service (DoS) condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost factor and then attempting a login to the so-modified account. The affected system allows remote users to send maliciously crafted objects.

Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. Affected applications improperly assign permissions to critical directories and files used by the application processes.

The integrated web application "Online Help" in the affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link. Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user of the device into clicking a malicious link, thereby leading to phishing attacks. The specific exploit requires the application to run on Tomcat as a WAR deployment.

If the application is deployed as a Spring Boot executable jar, i. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. A memory corruption issue was addressed with improved state management.

This issue is fixed in watchOS 8. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. Simple Diagnostics Agent - versions 1. This allows information gathering which could be used to exploit future open-source security exploits. A feature was introduced in version 3. Knowing the proper format of the URL and the identifier of an existing object in an application, it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data.

A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting.

Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form.

It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack.

The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include:

- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.

In the OpenSSL 1. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1. It was addressed in the releases of 1. Fixed in OpenSSL 3. Fixed in OpenSSL 1. Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files.

The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files.

A vulnerability has been identified in Simcenter Femap V Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. Affected application contains a memory corruption vulnerability while parsing NEU files. Affected application contains a type confusion vulnerability while parsing NEU files. In the IPv4 implementation in the Linux kernel before 5. In the IPv6 implementation in the Linux kernel before 5.

A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service.

Affected applications use a circumventable access control within a database service. This could allow an attacker to access the database. Apache Log4j2 versions 2. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2. Log4j 2. The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.

An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device. Acrobat Reader DC version Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which could be used by an attacker to mislead the user.

In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click 'allow' on the warning message of a malicious file. A vulnerability has been identified in SiPass integrated V2.

Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries. Affected applications insufficiently limit the access to the internal message broker system.

This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product.

An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges. JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files.

JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files.

JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. JTTK library in affected products is vulnerable to memory corruption condition while parsing specially crafted JT files. JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files.

JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files. Apache Log4j2 2. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

From log4j 2. From version 2. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.

The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow a remote attacker to trigger a denial of service of the affected system.

The affected firmware contains a buffer overflow vulnerability in the web application that could allow a remote attacker with engineer or admin privileges to potentially perform remote code execution. The plmxmlAdapterSE The Image. The Jt The DLpdfl. This could allow an attacker to cause a denial-of-service condition. In Mahara before Additional, in Mahara before An attacker could achieve privilege escalation on the web server of certain devices due to an improper access control vulnerability in the engineering system software.

The attacker needs to have direct access to the impacted web server. The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.

Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow authenticated attackers to retrieve the changedDate attribute of arbitrary objects, even when they don't have read access to them.

Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow authenticated attackers to manipulate the content of System.FileDocument objects in some cases, regardless of whether they have write access to them.

This could result in an out of bounds write past the end of an allocated structure. The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE recommended practice. This could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE recommended practice.

When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files.

The affected file download function is disabled by default. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks. The third-party component, in its TFTP functionality fails to check for null terminations in file names.

If an attacker were to exploit this, it could result in data corruption and possibly a hard fault of the application. Within a third-party component, the process to allocate partition size fails to check memory boundaries. Therefore, if a large amount is requested by an attacker, due to an integer wrap-around, it could result in a small size being allocated instead. Within a third-party component, whenever memory allocation is requested, the out-of-bounds size is not checked.

Therefore, if size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.

A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised. Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache.

An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information. A vulnerability has been identified in Teamcenter Active Workspace V4.

The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow an attacker to execute a remote shell with admin rights. Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully.

An attacker can leverage this vulnerability to cause a permanent Denial-of-Service. The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files.

The affected application contains a use-after-free vulnerability while parsing OBJ files. The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files.

The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process ZDI-CAN Adobe Acrobat Reader DC version An attacker could leverage this vulnerability to bypass mitigations such as ASLR. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution.

This could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations. The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit. The affected systems store sensitive information in log files.

An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system. The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm.

An attacker may use this to brute force the credentials and take over the system. The password hash of a local user account in the remote server could be granted via public API to a user on the affected system. An authenticated attacker could brute force the password hash and use it to login to the server. Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname.

An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files. A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host. The affected application contains an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to use user-supplied input to access objects directly.

The "surrogate" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. PDFTron prior to 9. This vulnerability can be exploited to execute arbitrary code.

An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.

Exploitation of this issue requires user interaction in that a victim must open a malicious file. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader. Adobe Framemaker versions Update 8 and earlier and Release Update 2 and earlier are affected by a use-after-free vulnerability in the processing of a malformed PDF file that could result in disclosure of sensitive memory. Adobe Framemaker versions Update 8 and earlier and Release Update 2 and earlier are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user.

User interaction is required to exploit this vulnerability. Adobe Framemaker versions Update 8 and earlier and Release Update 2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. It allows memory corruption during conversion of a PDF document to a different document format. It allows stack consumption during recursive processing of embedded XML nodes.

It allows writing to arbitrary files via submitForm. It allows an out-of-bounds read via util. Corel PDF Fusion 2. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application.

Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files. The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting.

The affected application assigns improper access rights to a specific folder containing configuration files. Received web packets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device. A restart of the affected device is needed to restore normal operations.

The plmxmlAdapterIFC. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations. The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link.

An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request. An attacker could exploit this vulnerability to perform cross-site request forgery attacks. This could allow an attacker to execute arbitrary SQL statements. This could allow an attacker to inject malicious code that is executed when loading the attachment. This could allow an attacker to store malicious files.

An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid or vice-versa. The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage. An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software.

The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user. A vulnerability has been identified in LOGO! An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information.

An unauthenticated attacker could change the password of any user in the system under certain circumstances. With this, an attacker could impersonate any valid user on an affected system.

The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network as the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device. The application deserialises untrusted data without sufficient validation, which could result in arbitrary deserialization.

This could allow an unauthenticated attacker to execute code in the affected system. An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file. The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system.

The femap. This could result in an out of bounds read past the end of an allocated buffer. The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices. The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access.

The command line interface of affected devices insufficiently restricts file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device.

Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V This contrasts with normal C strings, which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN. Where an application requests an ASN. This might result in a crash causing a Denial of Service attack.

It could also result in the disclosure of private memory contents such as private keys, or sensitive plaintext. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker-chosen data to overflow the buffer by up to a maximum of 62 bytes, altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash.

The location of the buffer is application dependent but is typically heap allocated. QPDF 9. A flaw was found in the c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames, which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

This issue affects: Johnson Controls Metasys All 10 versions prior to A flaw was found in PDFResurrect in version 0. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View Crafted data in a PDF file can trigger a write past the end of an allocated buffer.

The specific flaw exists within the handling of the delay property. It is not set by default. Starting from OpenSSL version 1. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten.

This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used.

A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. OpenSSL versions 1. Users of these versions should upgrade to OpenSSL 1. OpenSSL 1. If a TLSv1. A server is only vulnerable if it has TLSv1. All OpenSSL 1. A malformed input file could result in double free of an allocated buffer that leads to a crash.

An attacker could leverage this vulnerability to cause denial of service condition. A malformed input file could result in an infinite loop condition that leads to denial of service condition. An attacker could leverage this vulnerability to consume excessive resources. This could result in an out of bounds write past the fixed-length heap-based buffer. The VisDraw. The DLCoolType.

This could result in a memory corruption condition. This could result in an out of bounds write past the end of an allocated buffer. Polaris Office v9. To exploit the vulnerability, someone must open a crafted PDF file. Foxit Reader before A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database.

Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object.

An exploit could allow the attacker to execute arbitrary code on the device with root privileges. An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system.

The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory. The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory.

The affected system contains an Arbitrary File Deletion vulnerability that could allow deletion of an arbitrary file or directory under a user-controlled path.

An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system. The affected system has a Path Traversal vulnerability when exporting a firmware container. With this, a privileged authenticated attacker could create arbitrary files on an affected system. The affected application incorrectly neutralizes special elements when creating batch operations, which could lead to command injection.

An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges. Write access checks on the attributes of an object could be bypassed if a user has write permissions to the first attribute of that object. The application must be restarted to restore the service. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.

An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext. When parsing specially crafted JT files, a race condition could cause an object to be released before being operated on, leading to a NULL pointer dereference and causing the application to crash. When parsing specially crafted JT files, a missing check for the validity of an iterator leads to a NULL pointer dereference, causing the application to crash. When parsing specially crafted JT files, a hash function is called with an incorrect argument, causing the application to crash.

The configuration of the SAML module does not properly check various restrictions and validations imposed by an identity provider. This could allow a remote authenticated attacker to escalate privileges. The affected application allows verbose error messages which leak sensitive information, such as full paths. A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected devices that could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link.

By sending malformed requests, a remote attacker could leak an application token due to an error not properly handled by the system. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.

A directory containing metafiles relevant to devices' configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software.

The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution. Due to an error in a third-party dependency, the SSL flags used for setting up a TLS connection to a server are overwritten with wrong settings. The affected application incorrectly neutralizes special elements in a specific HTTP GET request, which could lead to command injection.

An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. In cases where the global hostname variable is not defined, this may lead to out-of-bounds reads, writes, and Denial-of-Service conditions.

This may lead to Denial-of-Service conditions. This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure.

The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. Desktop The issue results from the lack of proper initialization of a pointer prior to accessing it. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the user-defined application that runs on top of the UDP protocol.

Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation. Affected devices allow configuration settings to be modified over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute their own code on the device. An out-of-bounds write was addressed with improved input validation.

This issue is fixed in iOS Processing a maliciously crafted PDF may lead to arbitrary code execution. An integer overflow was addressed with improved input validation. Apple is aware of a report that this issue may have been actively exploited. This strike exploits a buffer overflow vulnerability in Faslo Player version 7. A locally opened file with an overly large amount of data can overflow a buffer, causing a denial of service and possibly leading to remote code execution.

HP OpenView user ID and password buffer overflow. This strike exploits an HP OpenView user name and password buffer overflow vulnerability, which is due to an inadequate boundary check on the length of the user name and password. Remote attackers may execute arbitrary code on the target system. This strike exploits a command injection vulnerability in Oracle's Secure Backup Administration web interface. The vulnerability allows command injection by passing malicious URL-encoded parameters to PHP scripts.

Microsoft WINS integer overflow heap overflow. The resulting integer is later used to allocate a memory buffer on the heap, causing a heap overflow. Successful exploitation can result in the execution of arbitrary code with system privileges. The index value in certain error-related messages is used to calculate a memory offset without validation. This will allow read or write access to memory outside the intended buffer.

Successful exploitation could result in execution of arbitrary code or abnormal termination of the Gateway Server service.

Detected Vulnerabilities and Situations in sgpkg-ips-1461-5242
Knowing the proper format of the URL and the identifier of an existing object in an application, it is possible to access that object without being logged in, even if the object is not shared, creating an opportunity for malicious exfiltration of user data.