48 matches found
CVE-2022-2848
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lac...
CVE-2022-2825
The CVE-2022-2825 issue affects Kepware KEPServerEX 6.11.718.0, with a stack-based buffer overflow in the handling of text encoding conversions caused by improper validation of the length of user-supplied data. It allows remote attackers to execute arbitrary code with SYSTEM privileges without au...
CVE-2022-2848
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lac...
USN-5873-1 golang-golang-x-text, golang-x-text vulnerabilities
It was discovered that Go Text incorrectly handled certain encodings. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14040 It was discovered that Go Text incorrectly handled certain BCP 47 language...
(Pwn2Own) Kepware KEPServerEX Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper...
(Pwn2Own) Kepware KEPServerEX Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper...
PT-2022-4524 · Kepware · Kepserverex
Name of the Vulnerable Software and Affected Versions: Kepware KEPServerEX version 6.11.718.0 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the handling of...
Trojan Source CVE-2021-42572: No Panic Necessary
What is this thing? Researchers at the University of Cambridge and the University of Edinburgh recently published a paper on an attack technique they call “Trojan Source.” The attack targets a weakness in text-encoding standard Unicode—which allows computers to handle text across many different...
Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw
Microsoft is urging Azure users to update the PowerShell command-line tool as soon as possible to protect against a critical remote code execution vulnerability impacting .NET Core. The issue, tracked as CVE-2021-26701 CVSS score: 8.1, affects PowerShell versions 7.0 and 7.1 and have been...
.NET Core Remote Code Execution Vulnerability
.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112. Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1, and .NET Core 2.1. This advisory also provides guidance on what...
[ASA-202103-20] dotnet-runtime: arbitrary code execution
Arch Linux Security Advisory ASA-202103-20 ========================================== Severity: High Date : 2021-03-25 CVE-ID : CVE-2021-26701 Package : dotnet-runtime Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1698 Summary ======= The package...
[ASA-202103-23] dotnet-sdk-3.1: arbitrary code execution
Arch Linux Security Advisory ASA-202103-23 ========================================== Severity: High Date : 2021-03-25 CVE-ID : CVE-2021-26701 Package : dotnet-sdk-3.1 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1701 Summary ======= The package...
[ASA-202103-21] dotnet-sdk: arbitrary code execution
Arch Linux Security Advisory ASA-202103-21 ========================================== Severity: High Date : 2021-03-25 CVE-ID : CVE-2021-26701 Package : dotnet-sdk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1698 Summary ======= The package dotnet-sdk...
Qualcomm 组件 输入验证错误漏洞
A Qualcomm component is a component of Qualcomm Incorporated Qualcom. Provides components that are intrinsic to Qualcomm devices. A buffer overflow vulnerability exists in the Qualcomm component that originates from a buffer overflow that occurs when attempting to convert an ASCII string to a...
Cross-Site Scripting in cyberchef
Versions of cyberchef prior to 8.31.3 are vulnerable to Cross-Site Scripting. In Text Encoding Brute Force the table rows are created by concatenating the value variable unsanitized in the HTML code. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript ...
GHSA-JP6R-XCJJ-5H7R Cross-Site Scripting in cyberchef
Versions of cyberchef prior to 8.31.3 are vulnerable to Cross-Site Scripting. In Text Encoding Brute Force the table rows are created by concatenating the value variable unsanitized in the HTML code. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript ...
Cross-Site Scripting (XSS)
cyberchef is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript code into a victim's browser via the text encoding brute force process...
Adobe Reader PDF - Client Side Request Injection
% a PDF file using an XFA % most whitespace can be removed truncated to 570 bytes or so... % Ange Albertini BSD Licence 2012 % modified by InsertScript %PDF-1. % can be truncated to %PDF-\0 1 0 obj stream 1 endstream endobj trailer /XFA 1 0 R /Pages...
graphite2 security update
CentOS Errata and Security Advisory CESA-2017:1793 An update for graphite2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...
[SECURITY] Fedora 24 Update: graphite2-1.3.10-1.fc24
Graphite2 is a project within SIL=EF=BF=BD=EF=BF=BD=EF=BF=BDs Non-Roman Scr ipt Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create =EF=BF=BD=EF=BF =BD=EF=BF=BDsmart...