CVE-2024-21795

A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch ab0ee111. A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

Schema & Structured Data for WP & AMP < 1.27 - Contributor+ reCaptcha Key Update

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswpreviewsformrender' function, allowing authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially...

CVE-2024-25978

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...

CVE-2024-25978

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...

CVE-2024-25978

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...

Design/Logic Flaw

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...

CVE-2024-25978 Msa-24-0001: denial of service risk in file picker unzip functionality

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...

CVE-2024-25978

CVE-2024-25978 : Moodle is affected by a denial-of-service risk due to insufficient file size checks in the file picker’s unzip functionality. The available connected documents confirm the vulnerability and its impact but do not provide concrete technical details such as affected versions or exac...

Remote Code Execution (RCE)

redaxo/source is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of user-supplied input within the 'Template' functionality with in modules.modules.php, which allows attackers to execute arbitrary code...

CVE-2024-21915 Rockwell Automation FactoryTalk® Service Platform Elevated Privileges Vulnerability Through Web Service Functionality

A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform FTSP. If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read an...

[SECURITY] Fedora 38 Update: rust-userfaultfd-0.8.1-2.fc38

Rust bindings for the Linux userfaultfd functionality...

PT-2024-3880 · Automationdirect · Automationdirect P3-550E

Name of the Vulnerable Software and Affected Versions: AutomationDirect P3-550E version 1.2.10.9 Description: The issue is related to a heap-based buffer overflow vulnerability in the Programming Software Connection CurrDir functionality. This can be triggered by a specially crafted network packe...

Authorization Bypass

pixelfed/pixelfed is vulnerable to Authorization Bypass. The vulnerability is due to insufficient checks during request processing, allowing attackers to access and potentially modify administrative and moderator functionalities beyond intended user permissions...

CVE-2024-25108 Insufficient authorization allowing elevated access to resources in pixelfed

Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This...

[SECURITY] Fedora 39 Update: rust-userfaultfd-0.8.1-2.fc39

Rust bindings for the Linux userfaultfd functionality...

Cross Site Scripting (XSS)

com.liferay.portal:release.portal.bom and com.liferay.portal:release.dxp.bom are vulnerable to Cross Site Scripting XSS. The vulnerability is due to lack of user input validation within the search functionality if highlighting is disabled by adding any searchable content to the application...

SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP5) (SUSE-SU-2024:0395-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0395-1 advisory. - A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe/TCP subsystem in...

CVE-2024-24577

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to gitindexadd can cause heap corruption that could be leveraged for arbitrary code execution. There...

Improper access control

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to gitrevparsesingle can cause the function to enter an infinite loop, potentially causing a Denial ...

CVE-2024-24575 libgit2 is vulnerable to a denial of service attack in `git_revparse_single`

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to gitrevparsesingle can cause the function to enter an infinite loop, potentially causing a Denial ...