1492 matches found

NVD
added 2024/02/29 1:44 a.m. · 11 views

CVE-2024-25713

yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc...

8.6 CVSS · 7.2 AI score · 0.05769 EPSS
Exploits 1 · References 7
OSV
added 2024/02/20 2:15 a.m. · 5 views

CVE-2024-21892

On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...

7.8 CVSS · 7.7 AI score
Exploits 0 · References 3
Circl
added 2024/02/15 4:52 p.m. · 0 views

GHSA-55XH-53M6-936R

creationtimestamp| type| source ---|---|--- 2024-02-15 16:52:04+00:00| seen| https://t.me/ctinow/185687...

4.8 AI score
Exploits 0 · References 1
Vulnrichment
added 2024/02/13 6:02 p.m. · 10 views

CVE-2024-21365 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

...

8.8 CVSS · 7.2 AI score · 0.0192 EPSS
Exploits 0 · References 1
CNVD
added 2024/02/02 12:00 a.m. · 6 views

openBI Code Injection Vulnerability

openBI is a big data visualization solution from openBI. A code injection vulnerability exists in openBI 1.0.8 and earlier versions, which stems from a problem with the index function in the /application/index/controller/Screen.php file, which could lead to code injection. Currently there are no...

9.8 CVSS · 7.5 AI score · 0.00083 EPSS
Exploits 0 · References 1
CNVD
added 2024/01/11 12:00 a.m. · 7 views

GTKWave code execution vulnerability (CNVD-2024-36927)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to potentially cause arbitrary code execution via a specially crafted fst file...

7.8 CVSS · 7.2 AI score · 0.00068 EPSS
Exploits 1 · References 1
CNVD
added 2024/01/11 12:00 a.m. · 11 views

GTKWave Code Execution Vulnerability (CNVD-2024-36932)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in GTKWave version 3.3.118, which can be exploited by an attacker to potentially cause arbitrary code execution via a specially crafted fst file...

7.8 CVSS · 7.2 AI score · 0.00133 EPSS
Exploits 1 · References 1
CNVD
added 2024/01/11 12:00 a.m. · 8 views

GTKWave integer overflow vulnerability (CNVD-2024-37207)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to potentially cause arbitrary code execution via a specially crafted fst file...

7.8 CVSS · 7.2 AI score · 0.0005 EPSS
Exploits 1 · References 1
CNVD
added 2024/01/11 12:00 a.m. · 6 views

GTKWave Code Execution Vulnerability (CNVD-2024-36926)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via a specially crafted .lxt2 file...

7.8 CVSS · 7.3 AI score · 0.00066 EPSS
Exploits 1 · References 1
CNVD
added 2024/01/11 12:00 a.m. · 10 views

GTKWave integer overflow vulnerability (CNVD-2024-37731)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An integer overflow vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via a specially crafted fst file...

7.8 CVSS · 7.5 AI score · 0.00065 EPSS
Exploits 1 · References 1
CNVD
added 2024/01/11 12:00 a.m. · 8 views

GTKWave Arbitrary Write Vulnerability

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An arbitrary write vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via specially crafted .vcd files...

7.8 CVSS · 7.4 AI score · 0.00069 EPSS
Exploits 1 · References 1
CNVD
added 2024/01/11 12:00 a.m. · 7 views

GTKWave Code Execution Vulnerability (CNVD-2024-36925)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in GTKWave version 3.3.118, which can be exploited by an attacker to potentially cause arbitrary code execution via a specially crafted fst file...

7.8 CVSS · 7.2 AI score · 0.00079 EPSS
Exploits 1 · References 1
Vulnrichment
added 2024/01/04 11:20 a.m. · 3 views

CVE-2021-42028

A vulnerability has been identified in syngo fastView All versions. The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to...

7.8 CVSS · 7.7 AI score · 0.00041 EPSS
Exploits 0 · References 1
Circl
added 2023/12/27 4:17 p.m. · 0 views

GHSA-JPFP-XQ3P-4H3R

creationtimestamp| type| source ---|---|--- 2023-12-27 16:17:06+00:00| seen| https://t.me/ctinow/159670...

4.8 AI score
Exploits 0 · References 1
Vulnrichment
added 2023/12/18 9:18 a.m. · 5 views

CVE-2023-32727 Code execution vulnerability in icmpping

An attacker who has the privilege to configure Zabbix items can use function icmpping with additional malicious command inside it to execute arbitrary code on the current Zabbix server...

6.8 CVSS · 7.4 AI score · 0.00464 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/12/18 12:00 a.m. · 3 views

PT-2023-8206 · Openssh +11

Name of the Vulnerable Software and Affected Versions: libssh (affected versions not specified); OpenSSH versions prior to 9.6p1; libssh versions prior to 0.10.6 and 0.9.8. Description: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname...

9.3 CVSS · 7.3 AI score · 0.52998 EPSS
Exploits 7 · References 112
NVD
added 2023/12/12 6:15 p.m. · 24 views

CVE-2023-21740

Windows Media Remote Code Execution Vulnerability...

7.8 CVSS · 0.00353 EPSS
Exploits 0 · References 1
OSV
added 2023/12/04 11:13 p.m. · 27 views

GHSA-37VQ-HR2F-G7H7 HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL

Summary: HtmlUnit 3.8.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. Details: Vulnerability code location: org.htmlunit.activex.javascript.msxml.XSLProcessor#transform(org.htmlunit.activex.javascript.msxml.XMLDOMNode). The reason for the vulnerability is th...

9.8 CVSS · 9.3 AI score · 0.05143 EPSS
Exploits 1 · References 4
CNVD
added 2023/11/21 12:00 a.m. · 5 views

SuiteCRM Code Injection Vulnerability

SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM has a security vulnerability that can be exploited by an attacker to cause arbitrary code execution...

8.8 CVSS · 7.5 AI score · 0.00114 EPSS
Exploits 1 · References 1
Vulnrichment
added 2023/11/06 5:30 p.m. · 5 views

CVE-2023-44398 Out-of-bounds write in exiv2

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, BmffImage::brotliUncompress, is new in v0.28.0, so earlier versions of Exiv2 are not...

8.8 CVSS · 8.5 AI score · 0.00645 EPSS
Exploits 0 · References 3