256 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-3622
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry hive file, which would cause hivex to...
json-lib: Mishandling of an unbalanced comment string in json-lib
A flaw was found in JSON-lib's JSONTokener component. This vulnerability allows a denial of service via an unbalanced comment string...
CVE-2025-1223
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac...
PT-2025-4802 · Mongoose · Mongoose
Name of the Vulnerable Software and Affected Versions: Mongoose affected versions not specified Description: The Mongoose library is affected by a flaw that exposes millions of downloads to search injection. This issue arises from the improper handling of nested $where filters with populate match...
CVE-2024-45640
IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system...
CVE-2024-47602
A flaw was found in the GStreamer library. NULL pointer dereferences and out-of-bounds reads in the Matroska/WebM demuxer can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash...
CVE-2024-47596
A flaw was found in the GStreamer library. An integer underflow due to missing size checks in the MP4/MOV demuxer can lead to out-of-bounds reads and cause crashes for certain input files. This issue can allow a malicious actor to trigger a crash of the application...
CVE-2024-47835
A flaw was found in the GStreamer library. A NULL-pointer dereference in the LRC subtitle parser can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash...
CVE-2024-45337
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only...
CVE-2024-47615
A flaw was found in the GStreamer library. An out-of-bounds write in the Ogg demuxer can cause crashes for certain input files. This vulnerability allows a malicious third party to trigger out-of-bounds writes that can result in the application's crash or possibly allow code execution through hea...
CVE-2024-47606
A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemuxparsetheoraextension function. This issue leads to a small amount of memory being allocated to store a large input size,...
CVE-2024-47539
A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution throu...
CVE-2024-47537
A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer's sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of...
CVE-2024-49119
Windows Remote Desktop Services Remote Code Execution Vulnerability...
CVE-2024-54137
A flaw was found in the liboqs library. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This issue results in an incorrect shared secret valu...
CVE-2024-10074
in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free...
The vulnerability of the MSASN1.dll library file, WifiAutoInstallDriver.exe, a microprogramming system for wireless USB adapters of TOTOLINK A600UB, allows a hacker to execute arbitrary code.
The vulnerability of the MSASN1.dll library file, WifiAutoInstallDriver.exe, which is part of the wireless USB adapter software for TOTOLINK A600UB, is related to improper checking of integrity values. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
chromium-browser: Use after free in ANGLE
There's a flaw in the Angle package where processing maliciously crafted web content may lead to a use-after-free. A remote attacker may leverage that to exploit heap corruption related bugs, such as crashing the application or remote code execution...
The vulnerability of the w3dtk.dll library in Autodesk Navisworks allows a perpetrator to execute arbitrary code.
The vulnerability of the w3dtk.dll library in Autodesk Navisworks software is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
BELL-CVE-2024-50090
Bulletin has no description...