183 matches found
CVE-2020-36889 Kentico Xperience <= 12.0.90 Administration Interface Stored XSS
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration...
EUVD-2020-20053
Malware in sbrugna...
EUVD-2023-1710
Malicious code in bioql PyPI...
libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.
...
DEBIAN-CVE-2025-8715
Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...
CRLF Injection
Overview Affected versions of this package are vulnerable to CRLF Injection in the restore process via psql meta-commands inside a purpose-crafted object name. An attacker can execute arbitrary code by injecting meta commands into the file, which can be executed by an unknowing user during the...
CVE-2025-8715
Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by submitting specially crafted ASN.1 Object Identifiers, potentially leading to service disruption...
Allocation of Resources Without Limits or Throttling
Overview org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by submitting...
CVE-2023-34624
An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...
CVE-2023-34613
An issue was discovered sojo thru 1.1.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...
CVE-2024-23934 Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target...
jackson-databind: denial of service via cylic dependencies
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure...
Missing character encoding in progress display allows for spoofing of scp client output (CVE-2019-6109)
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...
Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder
Summary Symfony 1 has a gadget chain due to dangerous unserialize in sfNamespacedParameterHolder class that would enable an attacker to get remote code execution if a developer unserialize user input in his project. Details This vulnerability present no direct threat but is a vector that will...
Medium: jtidy
Issue Overview: An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. CVE-2023-34623 Affected Packages: jtidy Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Vis...
jackson-databind: denial of service via cylic dependencies
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure...
VulnCheck KEV: CVE-2019-15642
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it...
The vulnerability in the elf.c component of the GNU Binutils development environment allows a hacker to trigger a service failure.
The vulnerability of the elf.c component in the GNU Binutils development environment is related to reading data beyond the allowed buffer size. Exploiting this vulnerability allows an attacker to cause a service failure using a specially created object file...
SUSE CVE-2023-34623
An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...