181 matches found
SUSE CVE-2008-7159
The silcasn1encoder function in lib/silcasn1/silcasn1encode.c in Secure Internet Live Conferencing SILC Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string...
SUSE CVE-2013-5001
Cross-site scripting XSS vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a...
SUSE CVE-2016-2339
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args array can...
SUSE CVE-2016-5039
The getattrvalue function in libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds read via a crafted object with all-bits on...
SUSE CVE-2016-8568
The gitcommitmessage function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service out-of-bounds read via a cat-file command with a crafted object file...
SUSE CVE-2016-8569
The gitoidnfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service NULL pointer dereference via a cat-file command with a crafted object file...
SUSE CVE-2017-7210
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads of size 1 and size 8 while handling corrupt STABS enum type strings in a crafted object file, leading to program crash...
SUSE CVE-2020-27545
libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object...
F5 Networks BIG-IP : OpenSSH vulnerability (K12252011)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K12252011 advisory. An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicio...
SAP 3D Visual Enterprise Viewer 缓冲区错误漏洞
SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP, Germany. The software supports the publishing of 2D and 3D scenes in all industry-standard desktop applications and supports separate installation as a stand-alone executable program and ActiveX space. A denial of service vulnerability...
Improper Access Control in Apache Tomcat
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privilege...
CVE-2021-42581
A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application...
Code injection
DISPUTED Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object that contains an own property "proto" as an argument to the function. NOTE: the vendor disputes this because th...
CVE-2021-42581
Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object that contains an own property "proto" as an argument to the function. NOTE: the vendor disputes this because the observe...
UBUNTU-CVE-2021-41119
Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to a denial of servic...
CVE-2021-27475
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code...
GHSA-XX8C-M748-XR4J Access Restriction Bypass in kubernetes
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. Specific Go Packages Affected github.com/kubernetes/kubernetes/pkg/apiserver...
GO-2022-0701 Directory traversal in k8s.io/kubernetes
Crafted object type names can cause directory traversal in Kubernetes. Object names are not validated before being passed to etcd. This allows attackers to write arbitrary files via a crafted object name, hence causing directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift...
Access Restriction Bypass in kubernetes
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. Specific Go Packages Affected github.com/kubernetes/kubernetes/pkg/apiserver...
UBUNTU-CVE-2020-28596
A stack-based buffer overflow vulnerability exists in the Objparser::objparse functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...