141 matches found

ATTACKERKB
added 2023/07/05 2:15 p.m. · 0 views

CVE-2023-36665

protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...

9.8 CVSS · 7.2 AI score · 0.01688 EPSS
Exploits 2 · References 7

Cvelist
added 2023/07/05 12:0 a.m. · 30 views

CVE-2023-36665

protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...

9.1 AI score · 0.01688 EPSS
Exploits 1 · References 6

OSV
added 2023/03/14 2:15 p.m. · 2 views

DEBIAN-CVE-2023-24180

Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted elf file...

6.5 CVSS · 6.4 AI score · 0.00226 EPSS
Exploits 1 · References 1

NVD
added 2023/03/14 2:15 p.m. · 12 views

CVE-2023-24180

Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted elf file...

6.5 CVSS · 6.4 AI score · 0.00226 EPSS
Exploits 1 · References 1

UbuntuCve
added 2023/03/14 2:15 p.m. · 66 views

CVE-2023-24180

Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted elf file...

6.5 CVSS · 6.6 AI score · 0.00226 EPSS
Exploits 1 · References 2

OSV
added 2023/03/14 2:15 p.m. · 0 views

UBUNTU-CVE-2023-24180

Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted elf file...

6.5 CVSS · 5.8 AI score · 0.00226 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/03/14 12:0 a.m. · 1 views

PT-2023-19460 · Libelfin +1 · Libelfin +1

Name of the Vulnerable Software and Affected Versions: Libelfin version 0.3. Description: The issue is related to an integer overflow in the load function at elf/mmap_loader.cc, which can be exploited by attackers to cause a Denial of Service (DoS) via a crafted elf file. Recommendations: For Libelf...

6.5 CVSS · 6.3 AI score · 0.00226 EPSS
Exploits 1 · References 11

CVE
added 2023/03/14 12:0 a.m. · 44 views

CVE-2023-24180

The CVE-2023-24180 entry concerns Libelfin v0.3, where an integer overflow in the load function (elf/mmap_loader.cc) can cause a Denial of Service via a crafted ELF file. The connected documents consistently describe the same root cause and impact, with no published details on a vendor patch or m...

6.5 CVSS · 6.3 AI score · 0.00226 EPSS
Exploits 1 · References 1 · Affected Software 1

SUSE CVE
added 2023/03/09 4:7 a.m. · 1 views

SUSE CVE-2019-14692

AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load in mkj.cpp...

8.8 CVSS · 7.5 AI score · 0.00538 EPSS
Exploits 1 · References 2

SUSE CVE
added 2023/02/15 5:17 a.m. · 1 views

SUSE CVE-2015-4598

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function...

6.5 CVSS · 8.8 AI score · 0.00675 EPSS
Exploits 0 · References 10

SUSE CVE
added 2023/02/15 4:39 a.m. · 1 views

SUSE CVE-2017-14685

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xpsloadlinksinglyphs in...

7.8 CVSS · 8 AI score · 0.00122 EPSS
Exploits 1 · References 5

SUSE CVE
added 2023/02/15 4:5 a.m. · 2 views

SUSE CVE-2019-20477

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

9.8 CVSS · 7.7 AI score · 0.00416 EPSS
Exploits 2 · References 3

NVD
added 2023/01/18 4:15 p.m. · 6 views

CVE-2017-20173

A vulnerability was found in AlexRed contentmap. It has been rated as critical. Affected by this issue is the function Load of the file contentmap.php. The manipulation of the argument contentid leads to sql injection. The name of the patch is dd265d23ff4abac97422835002c6a47f45ae2a66. It is...

9.8 CVSS · 7 AI score · 0.00297 EPSS
Exploits 0 · References 3

OSV
added 2023/01/18 4:15 p.m. · 9 views

CVE-2017-20173

A vulnerability was found in AlexRed contentmap. It has been rated as critical. Affected by this issue is the function Load of the file contentmap.php. The manipulation of the argument contentid leads to sql injection. The name of the patch is dd265d23ff4abac97422835002c6a47f45ae2a66. It is...

9.8 CVSS · 9.8 AI score
Exploits 0 · References 3

Prion
added 2023/01/18 4:15 p.m. · 7 views

Sql injection

A vulnerability was found in AlexRed contentmap. It has been rated as critical. Affected by this issue is the function Load of the file contentmap.php. The manipulation of the argument contentid leads to sql injection. The name of the patch is dd265d23ff4abac97422835002c6a47f45ae2a66. It is...

7.5 CVSS · 9.7 AI score · 0.00297 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2023/01/18 12:0 a.m. · 1 views

PT-2023-10624 · Unknown · Alexred Contentmap

Name of the Vulnerable Software and Affected Versions: AlexRed contentmap, affected versions not specified. Description: A critical issue was found in AlexRed contentmap, affecting the Load function of the file contentmap.php. The manipulation of the contentid argument leads to sql injection...

9.8 CVSS · 7.8 AI score · 0.00297 EPSS
Exploits 0 · References 6

Positive Technologies
added 2022/10/13 12:0 a.m. · 1 views

PT-2022-22552 · Swftools · Swftools

Name of the Vulnerable Software and Affected Versions: SWFTools version 772e55a2. Description: A heap-buffer overflow issue was discovered in SWFTools via the png load function at /lib/png.c. This issue can be exploited, potentially leading to undefined behavior or code execution. No information i...

5.5 CVSS · 5.7 AI score · 0.00082 EPSS
Exploits 1 · References 8

OSV
added 2022/05/24 5:9 p.m. · 1 views

GHSA-4QHR-Q7WF-94XP Deserialization of Untrusted Data in JYaml

JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load function. NOTE: this is a discontinued product...

9.8 CVSS · 6.4 AI score · 0.0758 EPSS
Exploits 1 · References 6

PyPA
added 2022/01/01 12:15 a.m. · 4 views

PYSEC-2022-43148

Open Asset Import Library aka assimp 5.1.0 and 5.1.1 has a heap-based buffer overflow in m3dsafestr called from m3dload and Assimp::M3DWrapper::M3DWrapper...

5.5 CVSS · 7.5 AI score · 0.00209 EPSS
Exploits 1 · References 5 · Affected Software 1

Tenable Nessus
added 2021/07/06 12:0 a.m. · 62 views

EulerOS Virtualization 3.0.2.2 : PyYAML (EulerOS-SA-2021-2165)

According to the versions of the PyYAML package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in the implementation of the Short Message Service SMS handling functionality of Cisco IOS Software and Cisco IOS ...

9.8 CVSS · 7 AI score · 0.04807 EPSS
Exploits 2 · References 3