474 matches found
SUSE CVE-2024-5158
Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
PT-2024-4724 · Ооо 'Кейсистемс' · Сервис Оправдательных Документов
Name of the Vulnerable Software and Affected Versions: Сервис оправдательных документов (affected versions not specified). Description: The issue is related to incorrect restriction of directory path names. It may allow a remote attacker to gain read access to local files. Recommendations: At the...
VulnCheck KEV: CVE-2009-2445
Oracle iPlanet Web Server formerly Sun Java System Web Server or Sun ONE Web Server 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI...
CVE-2024-23530
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory...
CVE-2024-31220
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface...
SUSE CVE-2024-3159
Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2024-2886
Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2024-2886
Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
RaspAP security vulnerability
RaspAP is application software for simple wireless AP setup and management of Debian-based devices. A security vulnerability exists in RaspAP 3.0.9 and earlier versions, which stems from a vulnerability that allows remote attackers to read the /etc/passwd file via a crafted request...
CVE-2024-1647
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
The vulnerability of Websoft HCM’s automation software for HR processes stems from name management or file path handling errors, allowing attackers to gain access to the file system.
The vulnerability of Websoft HCM’s automation software for HR processes is related to name management or file path handling errors. Exploiting this vulnerability can allow an attacker to gain read access to the file system remotely...
PT-2024-1530 · Oracle · Oracle GraalVM Enterprise Edition +1
Name of the Vulnerable Software and Affected Versions: Oracle GraalVM for JDK versions 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition versions 20.3.12, 21.3.8, 22.3.4. Description: The issue exists due to insufficient input validation in the Compiler component of Oracle GraalVM for JDK and Oracl...
postgresql: Memory disclosure in aggregate function calls
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
CVE-2023-36648
Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka as consumer and producer...
PT-2023-9242 · Unknown · MasterSCADA 4D
Name of the Vulnerable Software and Affected Versions: MasterSCADA 4D (affected versions not specified). Description: The issue is related to incorrect restriction of access to a directory with limited access in the MasterSCADA 4D SCADA system. Exploitation of this issue may allow a remote attacker ...
PT-2023-9313 · Oracle · Oracle ZFS Storage Appliance Kit
Name of the Vulnerable Software and Affected Versions: Oracle ZFS Storage Appliance Kit version 8.8. Description: The issue is related to insufficient input validation in the user interface of the Oracle ZFS Storage Appliance Kit. This easily exploitable vulnerability allows an unauthenticated...
CVE-2019-13689
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. Chromium security severity: Critical...
DEBIAN-CVE-2023-4428
Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2023-4431
Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...
PT-2023-4504 · Google +2 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 116.0.5845.110. Description: The issue is related to an out of bounds memory access in V8, allowing a remote attacker to perform an out of bounds memory read via a crafted HTML page. This can potentially impact...