11 matches found
PT-2026-54929
FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel because the exFAT label length XDIR_NumLabel is trusted without enforcing spec maximums. This maps to CWE-121 Stack-based Buffer Overflow. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 7.6, High. The...
SUSE CVE-2026-27489
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows reading arbitrary files outside the model or user-provided directory. This issue has been patched in version 1.21.0...
CVE-2026-27489
CVE-2026-27489: Open Neural Network Exchange (ONNX) prior to 1.21.0 suffers a path-traversal via symlink vulnerability that allows reading files outside the model or user directory. Affected product detail in IBM Watson Speech Services Cartridge (versions 4.0.0–5.3.1); fix is in 5.3.1 Patch 5 (5....
InventoryGui allows item duplication in GUIs which use GuiStorageElement
Impact: Any plugin using a GUI with the GuiStorageElement that allows taking items out of that element. Patches: InventoryGui 1.6.5, included in latest 1.6.5-SNAPSHOT, by disabling GuiStorageElement when not running on 1.21.9 or later. Workarounds: Not using the GuiStorageElement...
CVE-2023-30785
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Grid plugin <= 1.21 versions...
Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which stems from a security flaw in the ShutdownObserver function. Affected products and versions: Firefox ESR before 115.6, Thunderbird before 115.6...
CVE-2023-44219
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature...
CVE-2022-28507
Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page...
iTech Gigs Script SQL Injection Vulnerability
iTech Gigs Script is an e-commerce website building system. The system features user registration, quotes and comments. A SQL injection vulnerability exists in iTech Gigs Script version 1.21. A remote attacker can inject SQL commands by sending the 'sc' parameter to the browse-scategory.php file ...
OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...