CVE-2022-27203

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller...

MGASA-2022-0092 Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.25 and fixes at least the following security issues: A vulnerability in the Linux kernel since version 5.8 due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files, even if the file is ORDONLY, immutable or on a...

Debian DLA-2937-1 : gif2apng - LTS security update

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2937 advisory. Three issues have been discovered in gif2apng: tool for converting animated GIF images to APNG format. CVE-2021-45909 heap-based buffer overflow vulnerability in t...

CVE-2021-20319

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

Design/Logic Flaw

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

The vulnerability of the Drupal content management system, related to insufficient validation of input data, allows a hacker to insert or overwrite arbitrary data.

The vulnerability of the Drupal content management system is related to insufficient validation of input data. Exploiting this vulnerability could allow a hacker to insert or overwrite arbitrary data...

Expression Language Injection in Netflix Conductor

Netflix Conductor uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being...

CVE-2022-22536

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the...

Siemens SIMATIC S7-1200 and S7-1500 CPU Families Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2020-15782)

A vulnerability has been identified in SIMATIC Drive Controller family All versions V2.9.2, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions V21.9, SIMATIC S7-1200 CPU family incl...

CVE-2022-24552

A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo...

GHSA-6M93-343M-3JRC Cross-site Scripting in HTML2PDF

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...

WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting Vulnerability

WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability. Exploit makes it possible for unauthenticated attackers to achieve complete site takeover. On December 23, 2021 the Wordfence Threat Intelligence team initiated the...

CVE-2021-45394

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...

CVE-2021-45394

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...

Deserialization of untrusted data

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...

What is fuzz testing? What is it used to test for?

Fuzz testing, regularly known as fuzzing, is a product testing procedure that incorporates embedding flawed or arbitrary information FUZZ into a product framework to recognize coding issues and security issues. Fuzz testing involves infusing information into a framework utilizing robotized or...

PT-2022-6467 · Zte · Zte Zxvstb

Name of the Vulnerable Software and Affected Versions: ZTE ZXvSTB affected versions not specified Description: The issue is related to broken access control in the ZTE ZXvSTB product, caused by improper permission control. This allows attackers to delete the default application type, affecting th...

giftrans has an unspecified vulnerability

giftrans is used to convert any Gif file to Gif89a. giftrans has a security vulnerability that stems from the fact that the giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow, since the value in the input file determines the amount of data to be written. An attacker could...

CVE-2021-45972

The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data...

CVE-2021-45972

The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data...