PT-2023-18329 · Unknown · Bluetooth Host

Name of the Vulnerable Software and Affected Versions: Bluetooth HOST affected versions not specified Description: The issue is related to a Transient Denial of Service DOS in the Bluetooth HOST. It occurs when passing a descriptor to validate a blacklisted Bluetooth keyboard. There is no...

CVE-2023-4117

A vulnerability, which was classified as problematic, has been found in PHP Jabbers Rental Property Booking 2.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be launched remotely...

chrisimmo.fr Cross Site Scripting vulnerability OBB-3550968

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AZL-34631 CVE-2023-39128 affecting package crash for versions less than 8.0.4-3

GNU gdb GDB 13.0.50.20220805-git was discovered to contain a stack overflow via the function adadecode at /gdb/ada-lang.c...

CVE-2023-2865

A vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. It has been classified as critical. This affects an unknown part of the file printticket.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate...

OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

SUSE CVE-2012-3375

The epollctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLLCTLADD operations, which allows local users to cause a denial of service file-descriptor consumption and system crash via a crafted application that attempts to create a...

SUSE CVE-2014-8628

Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service memory consumption via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the...

SUSE CVE-2016-9773

Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service out-of-bounds heap read via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556...

SUSE CVE-2017-9230

The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. Th...

SUSE CVE-2022-30067

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the...

PT-2022-23950 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

PT-2022-24059 · Libjpeg +1 · Libjpeg +1

Name of the Vulnerable Software and Affected Versions: libjpeg affected versions not specified Description: The issue allows attackers to cause a Denial of Service DoS via a crafted file, exploiting a segmentation fault in the HuffmanDecoder::Get function at huffmandecoder.hpp. Recommendations: A...

AZL-10338 CVE-2021-33468 affecting package yasm 1.3.0-17

An issue was discovered in yasm version 1.3.0. There is a use-after-free in error in modules/preprocs/nasm/nasm-pp.c...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1593 more potentially affected by CVE-2020-2162 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.22)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2020-2162 Source advisory: OSV:GHSA-CRG2-6XV3-QG5F...

CVE-2022-29937

USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but for example an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product...

DEBIAN-CVE-2021-23556

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

PT-2021-8080 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 4.13 and earlier Description: The issue is related to the async free space function in the Linux kernel's binder component. It causes a leak of up to 8 bytes of async free space on every async transaction of 8 bytes or...

UBUNTU-CVE-2021-35564

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...