
275 matches found

BDU FSTEC
added 2024/04/19 12:0 a.m. · 2 views

The vulnerability of the PAN-OS operating system, related to errors in syntax validation during input processing, allows attackers to trigger service failures.

The vulnerability of the PAN-OS operating system is related to errors in syntax validation during input processing. Exploiting this vulnerability allows a malicious actor to trigger a service failure using specially created Windows New Technology LAN Manager (NTLM) packets from Windows servers...

CVSS 7.8 · AI score 7.2 · EPSS 0.00885
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2024/04/04 12:0 a.m. · 3 views

The vulnerability of the Range header analysis component in the module interface between web servers and web applications in Rack architecture allows an attacker to cause a service failure.

The vulnerability of the Range header analysis component in the module interface between web servers and web applications in Rack relates to the processing of input data, which can take an unexpected amount of time. Exploiting this vulnerability may allow a malicious actor to cause service failur...

CVSS 7.8 · AI score 6.6 · EPSS 0.01626
Exploits 0 · References 8 · Affected Software 4
BDU FSTEC
added 2024/04/03 12:0 a.m. · 3 views

The vulnerability of the box_col_len() function in the virtuoso-opensource web application development platform allows an attacker to trigger a service failure.

The vulnerability of the box_col_len() function in the virtuoso-opensource web application development platform is related to insufficient processing of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures after executing the SELECT operator...

CVSS 7.8 · AI score 7.2 · EPSS 0.00894
Exploits 1 · References 3 · Affected Software 2
Redos
added 2024/04/03 12:0 a.m. · 25 views

ROS-20240403-12

A vulnerability in the Range header analysis component of the modular interface between web servers and the Rack web applications is related to the creation of input data that could cause the analysis of the Content-Disposition header in Rack to take an unexpected amount of time...

CVSS 7.5 · AI score 6.7 · EPSS 0.01626
Exploits 0
BDU FSTEC
added 2024/03/26 12:0 a.m. · 1 views

The vulnerability in the implementation of the NFS network file system server for FreeBSD and OpenBSD allows a hacker to execute arbitrary code with root privileges.

The vulnerability of the NFS network file system server implementation for FreeBSD and OpenBSD is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges...

CVSS 9.9 · AI score 6 · EPSS 0.01763
Exploits 1 · References 4 · Affected Software 2
CNNVD
added 2024/03/07 12:0 a.m. · 3 views

Apple macOS Sonoma Security Vulnerability

Apple macOS Sonoma is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma version 14.4, which stems from processing malicious input that could lead to code execution...

CVSS 7.8 · AI score 7.1 · EPSS 0.00278
Exploits 0 · References 3
Cvelist
added 2024/02/21 4:13 p.m. · 25 views

CVE-2024-23346 pymatgen arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string

Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the JonesFaithfulTransformation.from_transformation_str method within the pymatgen library prior to version 2024.2.20. This method insecurely utilizes eval for...

CVSS 9.3 · AI score 9.7 · EPSS 0.03816
Exploits 8 · References 3
BDU FSTEC
added 2024/02/19 12:0 a.m. · 3 views

The vulnerability of Zoom’s video conferencing software, related to errors in processing input data, allows attackers to escalate their privileges.

The vulnerability of Zoom video conferencing software is related to errors in processing input data. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...

CVSS 10 · AI score 7.8 · EPSS 0.01689
Exploits 0 · References 2 · Affected Software 4
BDU FSTEC
added 2024/02/15 12:0 a.m. · 2 views

The vulnerability of the Microsoft Outlook email client, related to errors in processing input data, allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft Outlook email client is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by having the user open a specially crafted URL address remotely...

CVSS 10 · AI score 8.2 · EPSS 0.9466
Exploits 22 · References 3
Positive Technologies
added 2024/02/13 12:0 a.m. · 3 views

PT-2024-1715 · Microsoft · Message Queuing +1

Name of the Vulnerable Software and Affected Versions: Microsoft Message Queuing (MSMQ), affected versions not specified
Description: The issue is related to errors in processing input data in the Windows operating system's message queuing component. This can allow an attacker to execute arbitrary...

CVSS 7.8 · AI score 9.5 · EPSS 0.00801
Exploits 0 · References 8
NVD
added 2024/02/06 6:16 a.m. · 27 views

CVE-2023-43535

Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger...

CVSS 8.4 · AI score 8.7 · EPSS 0.00111
Exploits 0 · References 1
BDU FSTEC
added 2024/01/10 12:0 a.m. · 3 views

The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages, related to errors in processing input data, allows a perpetrator to execute arbitrary code.

The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code by having the user open a specially crafted malicious file...

CVSS 7.8 · AI score 7.9 · EPSS 0.0326
Exploits 0 · References 4
BDU FSTEC
added 2024/01/05 12:0 a.m. · 3 views

The vulnerability of the MMS interpreter in the WagoAppRTU library of the Wago Telecontrol configuration tool allows a perpetrator to cause a service failure.

The vulnerability of the MMS interpreter in the WagoAppRTU library of the Wago Telecontrol configuration tool is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by sending specially crafted MMS...

CVSS 7.8 · AI score 7.2 · EPSS 0.01036
Exploits 0 · References 3 · Affected Software 1
Rosalinux
added 2023/12/19 11:53 a.m. · 31 views

Advisory ROSA-SA-2023-2312

Software: java-1.8.0-openjdk 1.8.0.392.b08
OS: rosa-server79
packageevrstring: java-1.8.0-openjdk-1.8.0.392.b08-2.res7
CVE-ID: CVE-2023-22045
BDU-ID: 2023-04350
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the Hotspot component of the Java SE software platform and Oracle GraalVM Enterprise Edition...

CVSS 5.9 · AI score 7.2 · EPSS 0.08346
Exploits 0
NVD
added 2023/12/12 1:15 a.m. · 13 views

CVE-2023-40446

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps...

CVSS 7.8 · EPSS 0.00262
Exploits 0 · References 7
BDU FSTEC
added 2023/11/17 12:0 a.m. · 4 views

The vulnerability of the Pragmatic General Multicast protocol implementation in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Pragmatic General Multicast protocol implementation in Windows operating systems is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10 · AI score 8.4 · EPSS 0.17648
Exploits 0 · References 2
BDU FSTEC
added 2023/10/26 12:0 a.m. · 1 views

The vulnerability of the nginx.ingress.kubernetes.io/configuration-snippet component in the Kubernetes ingress-nginx cluster allows an attacker to execute arbitrary code or escalate their privileges.

The vulnerability of the nginx.ingress.kubernetes.io/configuration-snippet component, which handles incoming traffic in the Kubernetes ingress-nginx cluster, is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or increase...

CVSS 8 · AI score 8.2 · EPSS 0.02234
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2023/10/21 12:0 a.m. · 4 views

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server, related to errors in processing input data, allows a perpetrator to cause service interruptions.

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVSS 5.3 · AI score 7.1 · EPSS 0.00782
Exploits 0 · References 4 · Affected Software 2
BDU FSTEC
added 2023/10/19 12:0 a.m. · 4 views

The vulnerability of the Core server component of Oracle WebLogic Server allows a hacker to execute arbitrary code.

The vulnerability of the Core server component of Oracle WebLogic Server is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely by injecting specially crafted messages via T3 and IIOP protocols...

CVSS 10 · AI score 8.2 · EPSS 0.0075
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2023/10/13 12:0 a.m. · 3 views

The vulnerability of the Windows Message Queuing system allows a hacker to execute arbitrary code.

The vulnerability of Windows’ Message Queuing system is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 7.3 · AI score 7.6 · EPSS 0.00977
Exploits 0 · References 3