8788 matches found
AZL-44043 CVE-2023-45853 affecting package deltarpm 3.6.5-2
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
AZL-61795 CVE-2023-45853 affecting package optipng 0.7.8-5
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
AZL-35400 CVE-2023-45853 affecting package zlib for versions less than 1.3.1-1
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
AZL-44985 CVE-2023-45853 affecting package libkml 1.3.0-41
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
AZL-35242 CVE-2023-45853 affecting package rust for versions less than 1.75.0-1
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
CVE-2023-45853
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
UBUNTU-CVE-2023-45853
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
CVE-2023-45853
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
CVE-2023-45853
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
cookie injection with none file
This flaw allows an attacker to intentionally inject cookies into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a...
The vulnerability of the curl_easy_duphandle function in the libcurl library allows a hacker to create or re-record cookies.
The vulnerability of the curleasyduphandle function in the libcurl library is related to external control via a filename or file path. Exploiting this vulnerability allows a malicious actor to create or rewrite cookie files remotely...
jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...
CVE-2023-26146
All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting XSS such that when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered...
OpenRapid RapidCMS Code Issue Vulnerability
OpenRapid RapidCMS is OpenRapid open source a fast and easy to use CMS system. A code issue vulnerability exists in OpenRapid RapidCMS version 1.3.1, which stems from an incorrect manipulation of the parameter fileName that can lead to unrestricted uploads...
PT-2023-31983 · Openrapid · Openrapid Rapidcms
Name of the Vulnerable Software and Affected Versions: OpenRapid RapidCMS version 1.3.1 Description: A critical vulnerability has been found in OpenRapid RapidCMS, affecting the isImg function of the file /admin/config/uploadicon.php. The manipulation of the fileName argument leads to unrestricte...
OESA-2023-1693 ctags security update
Ctags generates an index or tag file of language objects found in source files that allows these items to be quickly and easily located by a text editor or other utility. A tag signifies a language object for which an index entry is available or, alternatively, the index entry created for that...
PT-2023-20524 · Ithewei · Libhv
Name of the Vulnerable Software and Affected Versions: ithewei/libhv versions all Description: The issue concerns Cross-site Scripting XSS where filenames containing malicious payloads are not properly sanitized when rendered. This occurs when a file with such a name is served by the application...
CVE-2023-43234
DedeBIZ v6.2.11 was discovered to contain multiple remote code execution RCE vulnerabilities at /admin/filemanagecontrol.php via the $activepath and $filename parameters...
CVE-2023-43234
DedeBIZ v6.2.11 was discovered to contain multiple remote code execution RCE vulnerabilities at /admin/filemanagecontrol.php via the $activepath and $filename parameters...
DEBIAN-CVE-2023-3223
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service DoS attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass...