20 matches found
MAL-2025-35704 Malicious code in test-mlw2-loamy-wands-poult-bract (npm)
The package test-mlw2-loamy-wands-poult-bract was found to contain malicious code...
CVE-2024-35704
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPBlockArt BlockArt Blocks allows Stored XSS. This issue affects BlockArt Blocks: from n/a through 2.1.5...
CVE-2024-35704 WordPress BlockArt Blocks plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPBlockArt BlockArt Blocks allows Stored XSS. This issue affects BlockArt Blocks: from n/a through 2.1.5...
CVE-2024-35704 WordPress BlockArt Blocks plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPBlockArt BlockArt Blocks allows Stored XSS. This issue affects BlockArt Blocks: from n/a through 2.1.5...
WordPress BlockArt Blocks Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: BlockArt Blocks; Type: Plugin; Vulnerable versions: <= 2.1.5; Fixed in: 2.1.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35704; Patch priority: Low; CVSS severity: Low 6.5; PSID: e922f475370e; Credits: Ngô Thiên An ancorn from VNPT-VCI...
Debian dla-3785 : gtkwave - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3785 advisory. Debian LTS Advisory DLA-3785-1...
Debian dsa-5653 : gtkwave - security update
The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5653 advisory. Debian Security Advisory DSA-5653...
Fedora 39 : gtkwave (2024-2647382c5f)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2647382c5f advisory. Cumulative bug-fix update. This update includes fixes for multiple security issues found by Talos in which specially crafted input files could lead ...
CVE-2023-35704
creationtimestamp | type | source
---|---|---
2024-01-16 21:16:41+00:00 | seen | https://t.me/ctinow/169004...
CVE-2023-35704
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the...
CVE-2023-35704
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the...
CVE-2023-35704
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the...
CVE-2023-35704
CVE-2023-35704 affects GTKWave, a waveform viewer for VCD files. The vulnerability stems from the FST LEB128 varint handling in the function fstReaderVarint32WithSkip, causing stack-based buffer overflow that can enable arbitrary code execution when opening a crafted .fst file. The CVE is associ...
GTKWave FST LEB128 varint stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1783: GTKWave FST LEB128 varint stack-based buffer overflow vulnerabilities. January 8, 2024. CVE Number: CVE-2023-35704, CVE-2023-35703, CVE-2023-35702. Summary: Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of...
CVE-2022-35704
creationtimestamp | type | source
---|---|---
2022-09-19 20:38:03+00:00 | seen | https://t.me/cibsecurity/50051...
CVE-2022-35704
Adobe Bridge version 12.0.2 and earlier and 11.1.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2022-35704
Adobe Bridge (Windows/macOS) is affected in versions 12.0.2 and earlier, and 11.1.3 and earlier, by a Use-After-Free vulnerability in SVG/file parsing that could lead to arbitrary code execution in the current user’s context. Exploitation requires user interaction (victim opens a malicious file)....
Adobe Bridge 11.x < 11.1.4 / 12.x < 12.0.3 Multiple Vulnerabilities (APSB22-49)
The version of Adobe Bridge installed on the remote Windows host is prior to 11.1.4 or 12.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb22-49 advisory. - Adobe Bridge version 12.0.2 and earlier and 11.1.3 and earlier are affected by a Heap-based Buffer...
CVE-2020-35704
creationtimestamp | type | source
---|---|---
2020-12-25 12:55:53+00:00 | seen | https://t.me/cibsecurity/21302...
CVE-2020-35704
CVE-2020-35704 affects Daybyday version 2.1.0. The vulnerability is a stored cross-site scripting (XSS) flaw in the Title parameter of the New Lead screen, allowing an attacker-supplied payload to be stored and subsequently rendered to users. Primary impact is client-side data integrity and poten...