CVE-2023-4508

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file...

CVE-2023-4508

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file...

UBUNTU-CVE-2023-4508

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file...

Design/Logic Flaw

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file...

CVE-2023-4508 Denial of Service in Gerbv

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file...

CVE-2023-4508

CVE-2023-4508 affects Gerbv versions 2.4.0–2.10.0, with out-of-bounds memory access when parsing RS-274X files, causing a crash and potential denial-of-service. Connected advisories confirm the issue across distributions (Debian/Ubuntu/OpenSUSE) and indicate fixed versions in respective releases;...

GHSA-X456-3CCM-M6J4 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form

Summary A malicious web server can read arbitrary files on the client using a inside HTML form. Details This affects the extremely common pattern of form submission: python b = mechanicalsoup.StatefulBrowser b.selectform... b.submitselected The problem is with the code in...

DEBIAN-CVE-2023-34457

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...

UBUNTU-CVE-2023-34457

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...

CVE-2023-34457 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...

CVE-2023-34457 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...

PT-2023-24889 · Unknown +1 · Mechanicalsoup +1

Name of the Vulnerable Software and Affected Versions: MechanicalSoup versions 0.2.0 through 1.2.x Description: A malicious web server can read arbitrary files on the client using a inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took very specific and...

SUSE CVE-2023-3430

A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial ...

Input validation

Multiple Services such as VHSVideo History Server and VCDVideo Clip Distributor and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesyst...

Exploit for Double Free in Openbsd Openssh

CVE-2023-25136 POC POC For A Pre Auth Double Free Vulnerability...

VulnCheck KEV: CVE-2023-2868

Barracuda Email Security Gateway ESG appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection...

SUSE CVE-2004-0759

Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an tag...

SUSE CVE-2008-5021

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

SUSE CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being called with unsafe user input as the filename. This...

CVE-2022-40784

Unlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC camera firmware 5.3.1.2003161406...