1271 matches found
Vulnerability in the extractContigSamplesShifted8bits() function of the LibTIFF library, which allows an attacker to trigger a service failure.
The vulnerability in the extractContigSamplesShifted8bits function in tools/tiffcrop.c of the LibTIFF library is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a system failure...
CVE-2023-38346
An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...
CVE-2023-29245
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sendi...
[SECURITY] Fedora 38 Update: erofs-utils-1.6-3.fc38
EROFS stands for Enhanced Read-Only File System. It aims to be a general read-only file system solution for various use cases instead of just focusing on saving storage space without considering runtime performance. This package includes tools to create, check, and extract EROFS images...
Path Traversal
PF4J is vulnerable to Path Traversal. The vulnerability exists in the extract function in Unzip.java due to a lack of path validation which allows an attacker to obtain sensitive information and execute arbitrary code via the expandIfZip parameter...
Path Traversal
PF4J is vulnerable to Path Traversal. The vulnerability exists in the extract function in Unzip.java due to a lack of path validation which allows an attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter...
Path Traversal
PF4J is vulnerable to Path Traversal. The vulnerability exists in the extract function in Unzip.java due to a lack of path validation which allows an attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter...
pf4j vulnerable to remote code execution via expandIfZip method in the extract function
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...
GHSA-CJ8W-V588-P8WX pf4j vulnerable to remote code execution via expandIfZip method in the extract function
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...
CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...
DEBIAN-CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...
CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...
UBUNTU-CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...
Code injection
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...
Plugin Framework for Java Path Traversal Vulnerability
Plugin Framework for Java (PF4J) is an open-source Java plugin framework from PF4J. A security vulnerability exists in Plugin Framework for Java v.3.9.0 and earlier versions, which originated from a vulnerability that could allow a remote attacker to obtain sensitive information and execute arbitrary...
CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...
PT-2023-27658 · Pf4J +1
Name of the Vulnerable Software and Affected Versions: pf4j versions 3.9.0 and earlier
Description: An issue in pf4j allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
Recommendations: For pf4j versions 3.9.0 and...
CVE-2023-40828
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...
OESA-2023-1518 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
Debian dla-3534 : rar - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3534 advisory. Debian LTS Advisory DLA-3534-1 https://www.debian.org/lts/security/...