204 matches found
CVE-2023-33730
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format...
CVE-2023-33730
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format...
CVE-2023-31045
A stored Cross-site scripting XSS issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type e.g., page, post, or card as an admin, the stored XSS payload is execute...
GHSA-HW7C-3RFG-P46J google.golang.org/protobuf vulnerable to panic leading to denial of service
Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic...
GO-2023-1631 Panic when parsing invalid messages in google.golang.org/protobuf
Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic...
PT-2023-19680 · Canonical +9 · Golang-Github-Golang-Protobuf-1-3 +7
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises when parsing invalid messages, which can cause a panic. Specifically, parsing a text-format message that contains a potential number...
Exploit for Integer Overflow or Wraparound in Microsoft
CVE-2023-21716 Microsoft Word RTF Font Table Heap Corruption...
SUSE CVE-2010-3452
Use-after-free vulnerability in oowriter in OpenOffice.org OOo 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted tags in an RTF document...
SUSE CVE-2014-9093
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service invalid write operation and crash and possibly execute arbitrary code via a crafted RTF file...
SUSE CVE-2015-7629
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary...
PT-2022-7396 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.4 Description: The issue is related to the improper neutralization of input data during web page generation, allowing a remote attacker to execute arbitrary code using specially crafted RTF data. This can be used t...
node-red-dashboard 跨站脚本漏洞
node-red-dashboard is a package for quickly creating real-time data dashboards. A security vulnerability exists in node-red-dashboard that stems from some unknown processing in the components/ui-component/ui-component-ctrl.js file in the component uitext Format Handler being affected, which could...
Denial Of Service (DoS)
protobuf-java is vulnerable to denial of service. The vulnerability exists in the parsing procedure for binary and text format data because the input streams contain multiple instances of non-repeated embedded messages with repeated or unknown fields, resulting in potentially long garbage...
Denial of Service (DoS)
Overview google-protobuf is a Google's data interchange format. Affected versions of this package are vulnerable to Denial of Service DoS via the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unkno...
protobuf-java has a potential Denial of Service issue
Summary A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...
Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug)
Update: Please see our FAQ for the latest guidance and mitigation tips on Follina. On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool MSDT in Windows vulnerability. The mitigation offered by Microsoft consists of an alternative method to...
Zero-day vulnerability discovered in Microsoft Word
A researcher has found a zero-day vulnerability in Microsoft Word. This new exploit in Office macros, external template files containing malicious code while macros are disabled. When a user converts the document to RTF format, the code is also executed in "Protected view" or "Preview mode. For...
Navbar - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-011
This module provides a very simple, mobile-friendly navigation toolbar. The module doesn't sufficiently check for user-provided input. This vulnerability is mitigated by the fact that an attacker must have the ability to post content using a text format like the default "Filtered HTML" format tha...
Ubuntu: Security Advisory (USN-5202-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-8968
Parallels Remote Application Server RAS allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an...