4651 matches found
CVE-2023-46052
Sane 1.2.1 heap bounds overwrite in initoptions from backend/test.c via a long initmode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file...
CVE-2023-46047
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the saneiconfigureattach function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file...
CVE-2023-46047
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the saneiconfigureattach function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file...
Sane 安全漏洞
SANE Backends is an application programming interface API and communication protocol used to regulate communication between software and digital imaging devices. A security vulnerability exists in Sane version 1.2.1 that stems from a heap boundary that can be overwritten via a long initmode strin...
CVE-2023-46052
Sane 1.2.1 heap bounds overwrite in initoptions from backend/test.c via a long initmode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file...
CVE-2023-46052
Sane 1.2.1 heap bounds overwrite in initoptions from backend/test.c via a long initmode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file...
CVE-2023-46047
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the saneiconfigureattach function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file...
CVE-2023-46052
Sane 1.2.1 is affected by a CVE-2023-46052 heap bounds overwrite in init_options() via a long init_mode string in a configuration file. The root cause is in backend/test.c. The description is disputed: there is no expectation that test.c runs with an attacker-controlled configuration file. Public...
RHEL 8 : fwupd (RHSA-2024:1403)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1403 advisory. The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in...
EulerOS Virtualization 2.10.0 : python-configobj (EulerOS-SA-2024-1388)
According to the versions of the python-configobj package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate...
EulerOS 2.0 SP8 : python-configobj (EulerOS-SA-2024-1292)
According to the versions of the python-configobj packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using...
[SECURITY] Fedora 40 Update: maven-verifier-plugin-1.1-6.fc40
Assists in integration testing by means of evaluating success/error conditions read from a configuration file...
Heap overflow
zlog 1.2.16 has a heap-based buffer overflow in struct zlogrules while creating a new rule that is already defined in the provided configuration file. A regular user can achieve arbitrary code execution...
CVE-2024-27287 ESPHome vulnerable to stored Cross-site Scripting in edit configuration file API
ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized...
CVE-2024-27287 ESPHome vulnerable to stored Cross-site Scripting in edit configuration file API
ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized...
esphome vulnerable to stored Cross-site Scripting in edit configuration file API
Summary Edit configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized data with “Content-Type: text/html; charset=UTF-8”, allowing remote authenticated user to inject arbitrary web script and exfiltrate sessi...
GHSA-9P43-HJ5J-96H5 esphome vulnerable to stored Cross-site Scripting in edit configuration file API
Summary Edit configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized data with “Content-Type: text/html; charset=UTF-8”, allowing remote authenticated user to inject arbitrary web script and exfiltrate sessi...
BIT-GITEA-2022-27313
An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service DoS via deleting the configuration file...
RHEL 8 : fwupd (RHSA-2024:1106)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1106 advisory. The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in...
CVE-2024-25830
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the...