87 matches found
PT-2024-15922 · Van Der Schaar · Synthcity
Name of the Vulnerable Software and Affected Versions: van der Schaar LAB synthcity version 0.2.9. Description: A critical issue has been found in the function load from file of the component PKL File Handler, leading to deserialization. The attack may be launched remotely. The vendor was contacte...
PT-2024-12979 · Undefined · Undefined
NCC Group has released its third study assessing the security of popular RMM tools, presenting an overview of 18 vulnerabilities in PandoraFMS. Previously, multiple vulnerabilities in Faronics Insight and Nagios XI had come to the researchers' attention. PandoraFMS is an application for monitoring ...
The vulnerability of OMICARD’s system file loading function allows a hacker to execute arbitrary code or cause service failure.
The vulnerability of the system’s file loading function in OMICARD’s marketing emails relates to the unlimited loading of dangerous types of files. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code or cause service failures...
UBUNTU-CVE-2022-48063
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function loadseparatedebugfiles at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack...
UBUNTU-CVE-2020-24292
Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 r1859 allows remote attackers to run arbitrary code via opening of crafted ico file...
The vulnerability of the software file loading function in OMICARD EDM ITPison allows a perpetrator to load any files they desire.
The vulnerability of the software file loading function in OMICARD EDM ITPison involves unlimited loading of dangerous types of files. Exploiting this vulnerability allows a remote attacker to load any files they desire...
The vulnerability of the file loading function of the distributed file system sjqzhang go-fastdfs allows an attacker to write any files and execute any commands.
The vulnerability of the file loading function in the distributed file system sjqzhang go-fastdfs is related to deficiencies in path checking for restricted-access directories. Exploiting this vulnerability allows an attacker to write arbitrary files and execute arbitrary commands remotely...
Malicious Package
Overview shared-ini-file-loader is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
GHSA-RRC9-GQF8-8RWG Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles, they will pollute the prototype on the application. This can be exploited furth...
Security update for fluidsynth (important)
openSUSE Security Update: Security update for fluidsynth Announcement ID: openSUSE-SU-2021:0570-1 Rating: important References: 1184705 Cross-References: CVE-2021-28421 CVSS scores: CVE-2021-28421 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports...
OPENSUSE-SU-2021:0553-1 Security update for fluidsynth
This update for fluidsynth fixes the following issues: - CVE-2021-28421: Fix use after free vulnerability in file loader (boo#1184705)...
Code injection
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles, they will pollute the prototype on the application. This can be exploited furth...
CVE-2020-28472
Prototype Pollution vulnerability CVE-2020-28472 affects @aws-sdk/shared-ini-file-loader (< 1.0.0-rc.9) and aws-sdk (
CVE-2020-28472 Prototype Pollution
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles, they will pollute the prototype on the application. This can be exploited furth...
SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c...
OS Command Injection
lookatme is vulnerable to OS command injection. The vulnerability exists through the rendering of untrusted markdown when the built-in terminal and fileloader extensions are automatically loaded...
DEBIAN-CVE-2020-15271
In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...
Code injection
In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...
CVE-2020-15271 Shell Command Execution in lookatme
In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...
CVE-2019-3574
In libsixel v1.8.2, there is a heap-based buffer over-read in the function loadjpeg in the file loader.c, as demonstrated by img2sixel...