223 matches found

Positive Technologies
added 2024/05/22 12:0 a.m. · 3 views

PT-2024-30098 · Unknown · Parisneo/Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version 9.5
Description: A remote code execution vulnerability exists in the parisneo/lollms-webui, specifically within the open file module. The vulnerability arises due to improper neutralization of special elements us...

9.8 CVSS · 8.9 AI score · 0.0172 EPSS
Exploits 1 · References 6
Positive Technologies
added 2024/05/03 12:0 a.m. · 4 views

PT-2024-20169 · Unknown · Merge Dicom Toolkit C/C++

Name of the Vulnerable Software and Affected Versions: Merge DICOM Toolkit C/C++ affected versions not specified
Description: The issue is related to an out-of-bounds read when the MC Open File function is used to read malformed DICOM data, potentially resulting in over-reading of the memory buff...

4 CVSS · 7 AI score · 0.00024 EPSS
Exploits 0 · References 4
NVD
added 2024/04/08 10:15 p.m. · 14 views

CVE-2024-0082

NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data...

8.2 CVSS · 8.2 AI score · 0.00044 EPSS
Exploits 0 · References 1
OSV
added 2024/04/08 10:15 p.m. · 7 views

CVE-2024-0082

NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data...

8.2 CVSS · 5.8 AI score
Exploits 0 · References 1
CNNVD
added 2024/04/08 12:0 a.m. · 5 views

NVIDIA ChatRTX Security Vulnerability

NVIDIA ChatRTX is a content personalization chatbot from NVIDIA Corporation. A security vulnerability exists in NVIDIA ChatRTX 0.2 and prior versions that originated from allowing an attacker to send an open file request to the application, which could result in local elevation of privilege,...

8.2 CVSS · 6.2 AI score · 0.00044 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/03/27 12:0 a.m. · 2 views

PT-2024-15337 · Nvidia · Nvidia Chatrtx

Name of the Vulnerable Software and Affected Versions: NVIDIA ChatRTX for Windows affected versions not specified
Description: The issue concerns improper privilege management in the UI of NVIDIA ChatRTX for Windows. An attacker can exploit this by sending open file requests to the application,...

8.2 CVSS · 7.1 AI score · 0.00044 EPSS
Exploits 0 · References 7
NVD
added 2024/02/19 10:15 p.m. · 20 views

CVE-2024-1635

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

7.5 CVSS · 7.6 AI score · 0.22688 EPSS
Exploits 0 · References 16
Vulnrichment
added 2024/02/19 9:23 p.m. · 29 views

CVE-2024-1635 Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

7.5 CVSS · 6.6 AI score · 0.22688 EPSS
Exploits 0 · References 15
Debian CVE
added 2024/02/19 9:23 p.m. · 35 views

CVE-2024-1635

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

7.5 CVSS · 7.4 AI score · 0.22688 EPSS
Exploits 0
RedhatCVE
added 2024/02/19 5:50 p.m. · 93 views

CVE-2024-1635

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

7.5 CVSS · 7.5 AI score · 0.22688 EPSS
Exploits 0 · References 3
RedHat Linux
added 2024/02/19 2:47 p.m. · 1 views

gimp: PSD buffer overflow RCE

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process...

7.8 CVSS · 6 AI score · 0.6033 EPSS
Exploits 0 · References 6
SUSE CVE
added 2024/01/10 2:41 a.m. · 1 views

SUSE CVE-2023-35989

An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...

7.8 CVSS · 8 AI score · 0.00066 EPSS
Exploits 1 · References 3
OSV
added 2024/01/08 3:15 p.m. · 0 views

DEBIAN-CVE-2023-38583

A stack-based buffer overflow vulnerability exists in the LXT2 lxt2rdexpandintegertobits function of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...

7.8 CVSS · 8.2 AI score · 0.00082 EPSS
Exploits 1 · References 1
OSV
added 2023/10/14 2:15 a.m. · 1 views

ALPINE-CVE-2023-45853

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...

9.8 CVSS · 7.7 AI score · 0.01396 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/09/08 12:0 a.m. · 2 views

PT-2023-28253 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...

7.8 CVSS · 7.3 AI score · 0.02968 EPSS
Exploits 0 · References 4
VulnCheck KEV
added 2023/07/11 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2023-32049

Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt...

8.8 CVSS · 7.4 AI score · 0.08936 EPSS
Exploits 0 · References 1
CISA KEV Catalog
added 2023/07/11 12:0 a.m. · 54 views

Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability

Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt...

8.8 CVSS · 6.7 AI score · 0.08936 EPSS
In wild · Exploits 0
Prion
added 2023/05/15 11:15 a.m. · 20 views

Open redirect

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invoking several open file requests via the REST interface...

5 CVSS · 7.5 AI score · 0.00776 EPSS
Exploits 0 · References 3 · Affected Software 7
Positive Technologies
added 2023/05/15 12:0 a.m. · 2 views

PT-2023-18956 · Sick · Sick Ftmg Air Flow Sensor

Name of the Vulnerable Software and Affected Versions: SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526
Description: The issue allows an unprivileged remote attacker to influence the availability of the webserver by invoking several open fil...

7.5 CVSS · 7.4 AI score · 0.00776 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/04/19 12:0 a.m. · 2 views

PT-2023-22809 · Unknown · Cloud Hypervisor

Name of the Vulnerable Software and Affected Versions: Cloud Hypervisor versions 30.0 through 31.0
Description: This issue allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP requests through the HTTP API socket, potentially causing...

4.9 CVSS · 5.2 AI score · 0.0023 EPSS
Exploits 0 · References 9