CVE-2023-42910

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution...

CVE-2023-29167

Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed...

CVE-2022-32888

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2022-30331

The User-Defined Functions UDF feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...

Stack overflow

The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges...

JVN#69635538: The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries

SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. The installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of...

MGASA-2019-0079 Updated logback packages fix security vulnerability

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs

Heap-based buffer overflow in the yamlparserscanuriescapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file...

CVE-2010-2170

Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183...

Stack overflow

Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename...

Microsoft Agent Crafted URL Stack Buffer Overflow (MS07-051; CVE-2007-3040)

The Microsoft Agent ActiveX control, exposes a set of methods and properties that can be used for scripting in HTML pages. There exists a buffer overflow vulnerability in Microsoft Windows Agent application. The flaw is due to wrongfully copying an overly large string to a fixed-size stack buffer...

Mandrake Linux Security Advisory : gdm (MDKSA-2006:231)

Local exploitation of a format string vulnerability in GNOME Foundation's GNOME Display Manager host chooser window gdmchooser could allow an unauthenticated attacker to execute arbitrary code on the affected system. The updated packages have been patched to correct this issue. %NASLMINLEVEL 7030...