306 matches found
SUSE CVE-2023-4458
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on...
Contributed Rack Middleware and Utilities 安全漏洞
Contributed Rack Middleware and Utilities is a collection of various add-ons for Rack, a Ruby web server interface. A security vulnerability exists in Contributed Rack Middleware and Utilities versions prior to 2.5.0, which stems from unrestricted user-controlled data that is susceptible to...
DEBIAN-CVE-2024-4453
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
GHSA-QWVP-268G-JJM8 Data Leakage Vulnerability in livewire/livewire
livewire/livewire versions greater than 2.2.4 and less than 2.2.6 are affected by a data leakage vulnerability. The $this-validate method, which is expected to return only the validated dataset, was returning all properties of the Livewire component. This regression introduced a security risk,...
Data Leakage Vulnerability in livewire/livewire
livewire/livewire versions greater than 2.2.4 and less than 2.2.6 are affected by a data leakage vulnerability. The $this-validate method, which is expected to return only the validated dataset, was returning all properties of the Livewire component. This regression introduced a security risk,...
CVE-2024-31444 Cacti XSS vulnerability in lib/html.php by reading dirty data stored in database
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerulesformsave function in automationtreerules.php is not thoroughly checked and is used to concatenate the HTML statement in formconfirm function from...
CVE-2023-39494
PDF-XChange Editor OXPS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target...
CVE-2023-37319
D-Link DAP-2622 DDP Set IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability...
UBUNTU-CVE-2023-38103
GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
Corel Parallels Desktop 安全漏洞
Corel Parallels Desktop is a suite of virtual machine software for the macOS platform from Canada's Corel Digital Technology Corel. A security vulnerability exists in Corel Parallels Desktop that stems from a specific flaw in the virtio-gpu virtual appliance that lacks proper validation of...
Scrapy 安全漏洞
Scrapy is a free and open source web crawler framework written in Python. A security vulnerability exists in Scrapy that stems from the use of lxml.etree.fromstring to parse untrusted XML data without proper validation, allowing an attacker to perform a denial-of-service attack, access a local...
Kofax Power PDF 安全漏洞
Kofax Power PDF is a professional PDF editing and management software from Kofax. A security vulnerability exists in Kofax Power PDF that stems from a specific flaw in the parsing of PDF files that lacks proper validation of user-supplied data, allowing a remote attacker to execute arbitrary code...
mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
The vulnerability of the Ruby on Rails software platform lies in the redirection of URLs to an unreliable website, allowing attackers to redirect users to arbitrary URL addresses.
The vulnerability of the Ruby on Rails software platform is related to the redirection of URLs to unreliable websites. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary URL addresses when using unvalidated external data in the redirectto handler...
Nextcloud Resource Management Error Vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A resource management error vulnerability exists in Nextcloud calendar version 1.0.0 and later versions, which stems from a lack of precondition checking,...
PT-2023-26979 · Unknown · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...
PT-2023-4488 · Gstreamer +2 · Gstreamer +2
Name of the Vulnerable Software and Affected Versions: GStreamer affected versions not specified Description: The issue is related to an integer overflow in the MDPR component of the GStreamer multimedia framework. This allows remote attackers to execute arbitrary code on affected installations o...
PT-2023-25917 · Kofax · Kofax Power Pdf
Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicious file...
PT-2023-26302 · Kofax · Kofax Power Pdf
Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required, where the target must visit a malicious page...
SUSE CVE-2023-37327
GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...