8655 matches found
AWS Cloud Development Kit Data Forgery Vulnerability
AWS Cloud Development Kit is an open source software development framework from Amazon Web Services for defining cloud infrastructure in code and configuring it via AWS CloudFormation. A data forgery vulnerability exists in AWS Cloud Development Kit, which stems from the fact that it...
PT-2025-4846
Name of the Vulnerable Software and Affected Versions: AWS Cloud Development Kit (AWS CDK) versions prior to 2.177.0. Description: The issue concerns the AWS Cloud Development Kit's (AWS CDK) handling of IAM OIDC custom resource provider packages. Specifically, the tls.connect method sets...
The vulnerability of the integrated environment for managing the development lifecycle of IBM Jazz Foundation lies in its lack of access control for personal information, allowing attackers to disclose protected information.
The vulnerability of the integrated environment for managing the development lifecycle of IBM Jazz Foundation is related to deficiencies in restricting access to personal information. Exploiting this vulnerability could allow attackers to disclose protected information...
The vulnerability of the Microsoft .NET software platform and the Microsoft Visual Studio development tools is related to buffer overflows in dynamic memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Microsoft .NET software platform and the Microsoft Visual Studio development environment is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
BigAntSoft BigAnt office messenger SQL Injection Vulnerability
BigAntSoft BigAnt office messenger is a server/client instant messaging program for enterprise environments from BigAntSoft Australia. A SQL injection vulnerability exists in BigAntSoft BigAnt office messenger. The vulnerability can be exploited to conduct a SQL injection attack via the "devcode"...
The vulnerability of the Microsoft .NET software platform and the Microsoft Visual Studio development tools lies in the creation of a temporary file in a directory with incorrect permissions, allowing an attacker to escalate their privileges.
The vulnerability of the Microsoft .NET software platform and the Microsoft Visual Studio development tools is related to the creation of a temporary file in the directory with incorrect permissions. Exploiting this vulnerability can allow an attacker to increase their privileges...
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
Important: This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode. See https://docs.silverstripe.org/en/developerguides/debugging/environmenttypes/ for...
Cross-site Scripting (XSS)
Overview: silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the error message display mechanism. An attacker can inject malicious scripts that are executed in the user's browser by...
CVE-2024-48858 Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec...
CVE-2024-48857 Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec...
CVE-2024-48857
The CVE-2024-48857 entry describes a NULL pointer dereference in the PCX image codec of QNX SDP (BlackBerry) affecting versions 8.0, 7.1 and 7.0. The underlying issue is triggered during image codec handling, allowing an unauthenticated attacker to cause a denial-of-service condition in the conte...
CVE-2024-48856
CVE-2024-48856 affects BlackBerry/QNX SDP, specifically the PCX image codec. The issue is an out-of-bounds write in the PCX codec that impacts SDP versions 8.0, 7.1 and 7.0, allowing an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process u...
CVE-2024-48856 Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec...
CVE-2024-48855 Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec...
CVE-2024-48855
CVE-2024-48855 affects BlackBerry/QNX SDP: an out-of-bounds read in the TIFF image codec impacts SDP versions 8.0, 7.1 and 7.0, enabling an unauthenticated attacker to cause information disclosure within the process using the image codec. Reported impact aligns with information disclosure (confid...
CVE-2024-48854
CVE-2024-48854 involves an off-by-one error in the TIFF image codec of BlackBerry QNX SDP. Affected products: QNX SDP versions 8.0, 7.1 and 7.0. The underlying issue is an off-by-one defect in the TIFF codec that could allow an unauthenticated attacker to perform an information disclosure within ...
CVE-2024-48854 Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec...