juniper_networks -- srx_series_and_nfx_series_devices. in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL.

If a user intercepts a request and inserts a payload in "cite" parameter, the payload will be stored in the database. Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a data leakage (sensitive) vulnerability. The post news feature has Stored XSS via the content field.

index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member. This affects all versions of package com.mintegral.msdk:alphab. An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'.

Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. CISA is part of the Department of Homeland Security, National Institute of Standards and Technology. An attacker can send the victim a specific GIF file to trigger this vulnerability. An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information. IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. NOTE: this might overlap CVE-2018-7453.

If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. Was ZDI-CAN-11657. A memory leak in the TFTP service in B&R Automation Runtime versions XmlRpcServlet /roller-services/xmlrpc -->. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader
An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. Insufficient permission check allows attacker with developer role to perform various deletions. SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI. An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. Successful exploitation could lead to arbitrary code execution . On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. script file was mishandled, potentially leading to an execve call to a program named on the second line. An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. Victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability. SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.

While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. NVD is sponsored by CISA. AttacheCase ver. and earlier allows an arbitrary script execution via unspecified vectors. Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof.

A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations). An attacker can send a malicious packet to trigger this vulnerability.

This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. There is a SQL injection via the /index.php/Customer/read limit parameter. In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload.

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization.

A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing. Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}").

A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages. Mintegral listens to download events in Android's download manager and detects if the downloaded file's url contains: a. or comes from a Google app (the package) b. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure. FileRun 2019.05.21 allows images/extjs Directory Listing. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted.
This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack. This issue affects devices that are configured as a Layer 2 or Layer 3 gateway of an EVPN-VXLAN deployment.