CVE Validated Archive | Fortify 24x7

CVE-2001-0554 (aix, debian_linux, freebsd, irix, kerberos, kerberos_5, linux_netkit, netbsd, openbsd, solaris, sunos)

by Alyssa Portillo | Jan 21, 2022 | CVE Validated | 0 |

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the...

CVE-2018-1056 (advancecomp, debian_linux, ubuntu_linux)

by Alyssa Portillo | Jan 21, 2022 | CVE Validated | 0 |

An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing...

CVE-2015-7515 (linux_kernel)

by Alyssa Portillo | Jan 18, 2022 | CVE Validated | 0 |

The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device...

CVE-2018-1000613 (api_gateway, banking_platform, business_process_management_suite, business_transaction_management, communications_application_session_controller, communications_converged_application_server, communications_convergence, communications_diameter_signaling_router, communications_webrtc_session_controller, data_integrator, enterprise_manager_base_platform, enterprise_manager_for_fusion_middleware, enterprise_repository, leap, legion-of-the-bouncy-castle-java-crytography-api, managed_file_transfer, oncommand_workflow_automation, peoplesoft_enterprise_peopletools, retail_convenience_and_fuel_pos_software, retail_xstore_point_of_service, soa_suite, utilities_network_management_system, webcenter_portal, weblogic_server)

by Alyssa Portillo | Jan 14, 2022 | CVE Validated | 0 |

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’)...

CVE-2013-6424 (debian_linux, opensuse, pixman, ubuntu_linux)

by Alyssa Portillo | Jan 11, 2022 | CVE Validated | 0 |

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

CVE-2017-6490 (epesi)

by Alyssa Portillo | Jan 4, 2022 | CVE Validated | 0 |

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name, id) passed to the...

CVE-2017-6489 (epesi)

by Alyssa Portillo | Jan 4, 2022 | CVE Validated | 0 |

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to the...

CVE-2017-6491 (epesi)

by Alyssa Portillo | Jan 4, 2022 | CVE Validated | 0 |

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to the...

CVE-2017-6487 (epesi)

by Alyssa Portillo | Jan 4, 2022 | CVE Validated | 0 |

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to the...

CVE-2017-6488 (epesi)

by Alyssa Portillo | Jan 4, 2022 | CVE Validated | 0 |

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (visible, tab, cid) passed to the...

CVE-2018-15573 (reprise_license_manager)

by Alyssa Portillo | Dec 21, 2021 | CVE Validated | 0 |

** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via...

CVE-2014-2815 (onenote)

by Alyssa Portillo | Dec 16, 2021 | CVE Validated | 0 |

Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka “OneNote Remote Code Execution...

Category: CVE Validated