CWE-20

Improper Input Validation in GitHub repository hestiacp/hestiacp prior to 1.6.6.

Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.

When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.