3642 matches found
PT-2023-7985 · One Identity +3 · Syslog-Ng +5
Name of the Vulnerable Software and Affected Versions: One Identity syslog-ng versions 3.0 through 3.37; syslog-ng Premium Edition version 7.0.30; syslog-ng Store Box version 6.10.0. Description: The issue is related to an integer overflow in the RFC3164 parser, which can be exploited by remote...
PT-2023-14913
Name of the Vulnerable Software and Affected Versions: Black Box KVM Firmware version 3.4.31307. Description: The issue allows an attacker to perform path traversal, potentially leading to the theft of user credentials and other sensitive information through local file inclusion. Recommendations: For...
DEBIAN-CVE-2022-46489
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c...
DEBIAN-CVE-2022-46490
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c...
UBUNTU-CVE-2022-46489
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c...
UBUNTU-CVE-2022-46490
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c...
GPAC MP4Box security vulnerability
GPAC MP4Box is a multimedia packager. It is mainly used to work with ISOBMF files, e.g. MP4 and 3GP, but can also be used to import/export media from container files such as AVI, MPG, MKV, MPEG-2 TS, etc. A security vulnerability exists in GPAC MP4Box version 2.1-DEV-rev505-gb9577e6ad-master, which ste...
@sweco/sweco-digital-platforms (>=5.0.26 <=5.1.2), @sweetui/sweet-mobile-sdk (>=1.6.3 <=1.6.7) +3 more potentially affected by CVE-2023-26133 via progressbar.js (>=1.0.1 <=1.1.0)
progressbar.js NPM version =1.0.1, =5.0.26, =1.6.3, =2.16.0, =1.0.33, =1.0.13, =1.0.14 Source cves: CVE-2023-26133 Source advisory: SNYK:JS-PROGRESSBARJS-3184152...
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box < 6.4.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. Exploit...
Show All Comments < 7.0.1 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could be used against logged-in high privilege users such as admin. Visit the following URL authenticated or not to trigger an alert box:...
pdftojson buffer error vulnerability
pdftojson is an open source pdftotext wrapper by Johnson Liang that uses bounding box data to generate JSON. pdftojson version 94204bb contains a security vulnerability that stems from a stack overflow in the component Stream::makeFilter(char*, Stream*, Object*, int)...
Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Click the 'Settings' button of this plugin. 2...
Unchecked rank size in `tf.image.generate_bounding_box_proposals` in Tensorflow
...
WordPress Fancier Author Box by ThematoSoup plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Fancier Author Box by ThematoSoup plugin 1.4 and earlier versions contain a cross-site scripting...
Sliderby10Web < 1.2.53 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC 1. Go to "Slider » Sliders" and edit one of...
DEBIAN-CVE-2022-45202
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c...
UBUNTU-CVE-2022-45202
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c...
GPAC security vulnerability
GPAC is an open source multimedia framework. GPAC version v2.1-DEV-rev428-gcb8ae46c8-master is vulnerable to a memory leak that originates from a failure or inability to free dynamically allocated heap memory in the dimC_box_read function of isomedia/box_code_3gpp.c. An attacker could exploit the...
GPAC buffer error vulnerability
GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version v2.1-DEV-rev428-gcb8ae46c8-master, which stems from a stack overflow in the dimC_box_read function in isomedia/box_code_3gpp.c. The vulnerability is caused by an error i...
CVE-2022-3833
The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...