4065 matches found
SUSE CVE-2023-2908
A null pointer dereference issue was found in Libtiff's tifdir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial o...
golang: cmd/go: go command may generate unexpected code at build time when using cgo
A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names...
golang: runtime: unexpected behavior of setuid/setgid binaries
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/...
CVE-2023-29403
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/...
CVE-2023-34254
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
Design/Logic Flaw
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
UBUNTU-CVE-2023-34254
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
CVE-2023-34254 Remote inventory task command injection when using ssh command mode
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
CVE-2023-34254 Remote inventory task command injection when using ssh command mode
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
CVE-2023-34254 Remote inventory task command injection when using ssh command mode
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
GLPI 操作系统命令注入漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
PT-2023-24778 · Unknown +1 · Glpi Agent +1
Name of the Vulnerable Software and Affected Versions: GLPI Agent versions prior to 1.5 Description: The issue affects the GLPI Agent, a generic management agent, when running the remoteinventory task against a Unix platform using the ssh command. An administrator user on the remote system can...
c-ares: 0-byte UDP payload Denial of Service
A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service...
libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure...
snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash...
dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption
A vulnerability was found in dotnet. This issue may allow remote code execution via source generators that can lead to a crash due to unmanaged heap corruption...
dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack
A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack...
electron23 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-2724. Security: backported fix for CVE-2023-2725. Security: backported fix for CVE-2023-2721. Security: backported fix for CVE-2023-3079. Security: backported fix for CVE-2023-2933...
SUSE CVE-2023-24535
Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic...
Security advisory: Qt Network
A recent SSL issue affecting both OpenSSL and Schannel in Qt Network has been reported and has been assigned the CVE id CVE-2023-34410. In some circumstances, system CA certificates list remains unexpectedly active for the authentication of SSL peers. In a case where clients are supposed to be...