86 matches found
UBUNTU-CVE-2022-31796
libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use...
libjpeg Buffer Error Vulnerability
libjpeg is a C language library for processing JPEG format image data. It includes JPEG decoding, JPEG encoding and other JPEG functions. A security vulnerability exists in libjpeg version 1.63, which stems from a heap-based buffer overread in HierarchicalBitmapRequester::FetchRegion in...
CVE-2022-26317
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.29. When returning the result of a completed Microflow execution call, the affected framework does not correctly verify whether the request was initially made by the user requesting the result. Together with...
DEBIAN-CVE-2021-39520
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service...
UBUNTU-CVE-2021-39517
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::ReconstructUnsampled located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service...
UBUNTU-CVE-2021-39520
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Notes: none...
InfiniteWP Client < 1.9.4.5 - Authentication Bypass
As per agreement between the researcher and developer, details will be released on January 14th. It is possible to log in as any administrator on the site due to logical mistakes in the code. The issue resides in the function iwpmmbsetrequest which is located in the init.php file. This checks if t...
wildfly-security-manager: security manager authorization bypass
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks...
Zoho ManageEngine ADManager Plus Cross-Site Scripting Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
CVE-2018-15740
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen...
CVE-2018-15740
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen...
Design/Logic Flaw
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen...
CVE-2018-15740
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen...
CVE-2014-6849
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none...
OWASP Mth3l3m3nt Framework
OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. Mth3l3m3nt provides the ability to create or do custom LFI and RFI exploits fast with little or no effort at all. It also enables you to store all your quick wins based on its ability to manage HTTP bots,...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a security issue. Notes: none...
Oddsock Song Requester 2.1 WinAmp Plugin Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5248/info A vulnerability has been reported for Oddsock Song Requester 2.1. The vulnerability occurs when an attacker makes a request to 'request.cgi' using a long value for the 'listpos' parameter. It is possible to caus...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a new security issue. Notes: none...
CVE-2002-1028
Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service crash via long arguments...