4728 matches found
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: Excessive time spent checking invalid RSA public keys CVE-2023-6237 PKCS12 Decoding crashes CVE-2024-0727...
PKCS12 Decoding crashes
...
The vulnerability of the decoding method used by the Avalanche mobile device management system allows a hacker to gain unauthorized access to protected information or cause service failures.
The vulnerability of the decoding method used by the Avalanche mobile device management system lies in the writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures...
Cross site scripting
The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the editothersshoporders capability...
CVE-2024-0556
A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text...
Design/Logic Flaw
A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text...
Xantech WIC1200 Security Vulnerability
The Xantech WIC1200 is a Web Intelligence Controller from Xantech. A security vulnerability exists in the Xantech WIC1200 version 1.1 that originates from a vulnerability that allows a remote user to intercept traffic and retrieve other users' credentials and decode them in Base64, which can be...
SUSE CVE-2023-38653
Multiple integer overflow vulnerabilities exist in the VZT vztrdblockvchdecode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the...
PT-2024-12751 · Gtkwave · Gtkwave
Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115 Description: Multiple integer overflow vulnerabilities exist in the VZT vzt rd block vch decode times parsing functionality. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.46 bug fix and security update
Red Hat OpenShift Container Platform release 4.12.46 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...
CVE-2024-21633 Arbitrary file write on Decoding
Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are...
Algorithmic Complexity
Overview PeterO.Cbor is a C implementation of Concise Binary Object Representation CBOR. Affected versions of this package are vulnerable to Algorithmic Complexity due to use of an inefficient algorithm in the DecodeFromBytes or other decoding mechanisms. An attacker can cause a denial of service...
msgpackr's conversion of property names to strings can trigger infinite recursion
Impact When decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. Patches The fix is available in v1.10.1 Workarounds Exploits seem to require structured cloning, replacing the 0x70 extension with your own that...
CVE-2023-52079
msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured...
Information disclosure
msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured...
CVE-2023-52079 Conversion of property names to strings can trigger infinite recursion
msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured...
CVE-2023-52079
CVE-2023-52079 concerns msgpackr (NodeJS/JavaScript) before version 1.10.1. When decoding user-supplied MessagePack messages, the decoder can get stuck in a loop, tying up threads. The issue is associated with how certain extensions (e.g., 0x70) may be processed; a mitigation path involves replac...
SUSE CVE-2023-51105
A floating point exception divide-by-zero vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmpdecompressrle4 of load-bmp.c...
msgpacker security vulnerability
msgpacker is a fast MessagePack NodeJS/JavaScript implementation. A security vulnerability exists in versions of msgpacker prior to 1.10.1, which stems from the fact that when decoding a user-supplied MessagePack message, an attacker can craft the message in such a way that the decoder triggers...
SUSE CVE-2023-2794
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decodedeliver function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check f...