PT-2023-6283 · Unknown · Sante Dicom Viewer Pro

Name of the Vulnerable Software and Affected Versions: Sante DICOM Viewer Pro affected versions not specified Description: The issue is related to the lack of proper validation of user-supplied data when parsing DICOM files, which could lead to a stack-based buffer overflow. An attacker could...

Siemens Tecnomatix Plant Simulation PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

F5 BIG-IP Edge Data Validation Error Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management and other functions. A data validation error vulnerability exists in F5 BIG-IP Edge, which can be exploited by an attacker to eleva...

Adobe Bridge Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

F5 BIG-IP 数据伪造问题漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management and other functions. A data validation error vulnerability exists in F5 BIG-IP Edge, which can be exploited by an attacker to eleva...

Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF...

CVE-2023-42449

Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed...

CVE-2023-42449 Malicious head initialiser can extract PTs from control of Hydra scripts, leading to locked participant commits or spoofed commits

Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed...

CVE-2023-42449 Malicious head initialiser can extract PTs from control of Hydra scripts, leading to locked participant commits or spoofed commits

Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed...

Lack of Input Validation

Lines of code Vulnerability details Impact Neither function appears to validate the length of the users array, which opens the door for misuse or unexpected behavior. Proof of Concept A user can pass an empty array or an exceedingly large array to disrupt expected behavior. Tools Used Manual code...

PT-2023-6113 · Ansys · Ansys Spaceclaim

Name of the Vulnerable Software and Affected Versions: Ansys SpaceClaim affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. It requires user interaction, where the target must visit a malicious pa...

(0Day) MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MuseScore. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CAP files...

Cacti link Local File Inclusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cacti. Authentication is required to exploit this vulnerability. The specific flaw exists within the link endpoint. The issue results from the lack of proper validation of data retrieved from the...

CVE-2023-3769

Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication,...

Input validation

Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol 1925/UDP to obtain device-specific information without the need for authentication...

CVE-2023-3769

CVE-2023-3769 is an input‑validation flaw reported in Ingeteam components (INGEPAC EF/DA) that can be exploited over the network to fuzz and trigger a DoS via the MMS protocol, potentially rebooting the device and services. The connected sources cite affected firmware/versions (e.g., INGEPAC DA34...

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server, related to insufficient input data validation, allows a perpetrator to cause service failures.

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server, related to insufficient input data validation, allows a perpetrator to cause service failures.

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...

SUSE CVE-2023-40476

GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...