33 matches found
Spreadsheet::ParseXLSX Security Vulnerability
Spreadsheet::ParseXLSX is an XLSX file parser. A security vulnerability exists in Spreadsheet::ParseXLSX prior to version 0.28, which stems from memoize not properly constraining merged cells, resulting in an out-of-memory condition when parsing XLSX documents...
WebsiteGuide 代码问题漏洞
WebsiteGuide is a web site navigation system. A security vulnerability exists in WebsiteGuide v0.2 that stems from vulnerability to Remote Command Execution RCE attacks via image upload...
DEBIAN-CVE-2023-31485
GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks...
PT-2023-23360 · Gitlab +1 · Gitlab::Api::V4 +1
Name of the Vulnerable Software and Affected Versions: GitLab::API::v4 versions 0.26 and earlier Description: The issue allows for machine-in-the-middle attacks due to the lack of TLS certificate verification when connecting to a GitLab server. Recommendations: For GitLab::API::v4 versions 0.26 a...
SUSE CVE-2018-8976
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service image.cpp Exiv2::Internal::stringFormat out-of-bounds read via a crafted file...
CVE-2022-36155
tifig v0.2.2 was discovered to contain a resource allocation issue via operator newunsigned long at asannewdelete.cpp...
quic-go 资源管理错误漏洞
quic-go is an implementation of the QUIC protocol, RFC 9000 protocol in Go by Lucas Clemente, a personal developer. A resource management error vulnerability exists in quic-go version 0.27.0 and earlier. A remote attacker can cause a denial of service by sending a Slowloris variant of an incomple...
CVE-2022-30882
pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor. The impact is: execute arbitrary code remote. When installing the pyanxdns package of version 0.2, the request package will be installed...
CVE-2022-24552
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo...
Servisnet Tessa 授权问题漏洞
Servisnet Tessa is a web application from Servisnet Turkey. Servisnet Tessa version 0.0.2 suffers from an authorization issue vulnerability that stems from a lack of valid validation in the Authorization HTTP header. An attacker can use this vulnerability to add a new sysadmin user by manipulatin...
xunfeng Command Injection Vulnerability
xunfeng is a rapid vulnerability response and asset scanning system for enterprise intranets. A command injection vulnerability exists in xunfeng version 0.2.0, which stems from the failure of the masscan.py file to properly handle backquote characters and can be exploited by an attacker to execu...
Exiv2 'readHeader' Function Denial of Service Vulnerability
Exiv2 is a set of C++ libraries and command line applications for managing image metadata by software developer Andreas Huggel, which provides fast and easy reading and writing of image metadata in a variety of EXIF, IPTC and XMP formats. A security vulnerability exists in the 'readHeader' functi...
PT-2017-12152 · Sipcrack +1 · Sipcrack +1
Name of the Vulnerable Software and Affected Versions: SIPcrack version 0.2 Description: A memory leak was discovered in the way SIPcrack handles SIP traffic processing due to mismanagement of a lines array. This issue could allow a remote attacker to potentially crash long-running sipdump networ...