CVE-2024-45769 Pcp: pmcd heap corruption through metric pmstore operations

A vulnerability was found in Performance Co-Pilot PCP. This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash...

PT-2024-2246

Name of the Vulnerable Software and Affected Versions Windows Kernel affected versions not specified Description The issue is related to insufficient input validation in the Windows Kernel, which can be exploited to cause a denial-of-service condition using specially crafted data. This allows...

BIT-POSTGRESQL-2023-5869 Postgresql: buffer overrun from integer overflow in array modification

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

RHEL 8 : postgresql:10 (RHSA-2023:7786)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7786 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflow in arra...

The vulnerability of the HTTP service of D-Link G416 microprogrammed router software allows a hacker to execute arbitrary code.

The vulnerability of the D-Link G416 router’s microprogrammed software service lies in the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by transmitting specially created...

CVE-2023-46259

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service DoS or code execution...

Memory corruption

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service DoS or code execution...

Command injection

OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is...

CVE-2023-30575

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data...

Huawei HarmonyOS kernel module out-of-bounds read vulnerability

Huawei HarmonyOS is an operating system from Huawei China, Inc. providing a microkernel-based, full-scenario distributed operating system. Huawei HarmonyOS provides a microkernel-based, full-scenario distributed operating system. Huawei HarmonyOS suffers from an out-of-bounds read vulnerability,...

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2022-55647)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to trigger a write beyond the en...

Moodle 输入验证错误漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. moodle suffers from an input validation error vulnerability, which stems from improper input validation and can be exploited by remote...

The vulnerability of the Schneider Electric Data Center Expert software lies in its ability to restore unreliable data into memory, allowing a perpetrator to execute arbitrary code.

The vulnerability of the Schneider Electric Data Center Expert monitoring software relates to the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially created data...

The vulnerability of Microsoft Exchange Server’s mail server, related to insufficient input validation, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Exchange Server is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted data to the server...

Weak Cryptography

github.com/gravitl/netmaker is using weak cryptography. The vulnerability exists because a hard-coded cryptographic key is used in the code base which allows an attacker to pass specially crafted data to the application and execute arbitrary commands on the system...

PT-2022-1793 · Microsoft · Exchange Server

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to insufficient input validation in Microsoft Exchange Server, which can be exploited by a remote attacker to execute arbitrary code by sending...

Microsoft Exchange Server 安全漏洞

Microsoft Exchange Server is a set of email service programs from Microsoft Corporation USA. Microsoft Exchange Server is a remote code execution vulnerability that can be exploited by attackers to remotely execute arbitrary code on the server by sending specially crafted malicious data to the...

CVE-2021-29781

IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 203091...

Apache HTTP Server 代码问题漏洞

Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API.A code issue vulnerability exists in Apache HTTP Server, which stems from a NULL pointer dereference error in mod sessions. A remote attacker could use this...

CVE-2019-1620 Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could...