CVE-2023-32972

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVE-2022-32972

Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation...

CVE-2021-32972

Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing softwa...

CVE-2025-32972

creationtimestamp| type| source ---|---|--- 2025-04-30 17:55:15+00:00| seen| https://t.me/cvedetector/24114...

CVE-2025-32972 The lesscss script service allows cache clearing without programming right

XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, makin...

CVE-2025-32972 The lesscss script service allows cache clearing without programming right

XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, makin...

CVE-2024-32972

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version 1.13.15...

CVE-2024-32972

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version 1.13.15...

CVE-2024-32972 go-ethereum denial of service via malicious p2p message

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version 1.13.15...

CVE-2024-32972 go-ethereum denial of service via malicious p2p message

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version 1.13.15...

CVE-2023-32972

creationtimestamp| type| source ---|---|--- 2023-10-06 20:13:43+00:00| seen| https://t.me/cibsecurity/71743...

CVE-2023-32972 QTS, QuTS hero, QuTScloud

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVE-2023-32972

CVE-2023-32972 affects QNAP QTS/QTS hero/QTScloud line: a buffer copy without input size checking can allow an authenticated administrator to execute code over the network. Root cause is improper input size handling in the affected component; no exploit details are provided in the documents. Affe...

CVE-2022-32972

creationtimestamp| type| source ---|---|--- 2023-02-17 16:13:05+00:00| seen| https://t.me/cibsecurity/58429...

CVE-2022-32972

Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation...

CVE-2022-32972

Infoblox BloxOne Endpoint for Windows

CVE-2022-32972

Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation...

CVE-2021-32972

CVE-2021-32972 affects Panasonic FPWIN Pro (all Versions 7.5.1.1 and earlier). A crafted project file can specify a URI that causes the XML parser to fetch and embed remote content, potentially disclosing information accessible in the user’s context. Public sources in the connected documents conf...

Panasonic FPWIN Pro

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Low attack complexity Vendor: Panasonic Equipment: FPWIN Pro Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to retrieve sensitive...