The vulnerability of the copy function for essential data provided by the supplier to business partners of the SAP Supplier Relationship Management application allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the copy function for the supplier’s main data for application partners of SAP Supplier Relationship Management relates to insufficient protection of operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access...

libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the TIFFmemcpy function in libtiff/tifunix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification...

PT-2023-9348 · Yasm +3 · Yasm +3

Name of the Vulnerable Software and Affected Versions: yasm version 1.3.0 Description: The issue is related to a memory leak in the yasm intnum copy function of the YASM assembler. This memory leak occurs due to the lack of memory release after its effective term of service. Exploitation of this...

Regular Expression Denial of Service (ReDoS)

Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...

SUSE CVE-2006-1608

The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI...

SUSE CVE-2017-8361

The flacbuffercopy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...

SUSE CVE-2018-11237

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library aka glibc or libc6 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in mempcpyavx512novzeroupper...

SUSE CVE-2018-13875

An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VMmemcpyvv in H5VM.c...

SUSE CVE-2018-14031

An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5Tcopy in H5T.c...

SUSE CVE-2022-1998

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copyinforecordstouser call to fail in copyeventtouser. A local user could use this flaw to crash the system or potentially escalate their privileges on the system...

SUSE CVE-2023-0242

Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. Th...

Velociraptor vulnerable to Missing Authorization

Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. Th...

CVE-2023-0242

Technical details (affected components, versions, exploit steps, mitigations) for CVE-2023-0242 are not provided in the connected documents. Monitor for updates from authoritative sources to obtain concrete technical details and remediation guidance.

PT-2023-16105 · Unknown · Velociraptor

Name of the Vulnerable Software and Affected Versions: Velociraptor versions prior to 0.6.7-5 Description: The issue allows a low privilege user to overwrite files on the server, including Velociraptor configuration files, due to the VQL copy function not checking for permission to write files. T...

PT-2022-36799 · Git +1 · Relic

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow WRITE crash has been reported, involving functions such as dv copy, bn lsh, and cryptofuzz::module::relic bignum::LShift1::Run...

XPDF 缓冲区错误漏洞

XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. XPDF v4.04 version of a security vulnerability , the vulnerability stems from the attacker can be achieved through its xpdf/Stream.cc component of the...

AZL-38290 CVE-2022-37616 affecting package python-tensorboard for versions less than 2.16.2-1

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

DEBIAN-CVE-2022-37616

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

UBUNTU-CVE-2022-37616

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

XMLDOM 安全漏洞

XMLDOM is a JavaScript implementation of the W3C DOM for Node by the individual developer jindw. A security vulnerability exists in XMLDOM versions prior to 0.8.3, which stems from the discovery that the p variable of the copy function of the dom.js of the XMLDOM package contains a prototype...