CWE-20— Improper Input Validation

A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in…

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could e…

An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy.

An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application.

A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to …

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insuff…

Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.

Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device.

On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.

In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.)

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a security bypass vulnerability. Successful exp…

A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain…

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the …

ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks.

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitr…

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due t…

joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.

joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.

Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call.

The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.

ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation.

processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The v…

A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slp-validate@1.0.0 npm package. An attacker could create a specially crafted Bitcoin script in order to c…

A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-f…

A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vuln…

A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerab…

A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerabilit…

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can rein…

A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to restart unexpected…

Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.

A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation i…

The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request.

In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.

A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condit…

An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.

A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resul…

An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat (where the user enters in their name and e-mail addre…

A vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attack…

If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < 70.

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a…

When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. *Note: this issue only oc…

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would…

An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but…

An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to…

Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file.

base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.

In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF file can trigger an extremely long running computation because of page-tree mishandling.

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.