117 matches found
ruby: Arbitrary memory address read vulnerability with Regex search
A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...
CVE-2024-6163 local IP restriction of internal HTTP endpoints
Certain http endpoints of Checkmk in Checkmk 2.3.0p10 2.2.0p31, 2.1.0p46, = 2.0.0p39 allows remote attacker to bypass authentication and access data...
Unspecified Vulnerability in Oracle Java SE (CNVD-2024-48676)
Oracle Java SE is a for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in Oracle Java SE for Oracle Java SE and Oracle GraalVM Enterprise Edition. An attacker could exploit the vulnerability to gai...
CVE-2023-46216
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service DoS or code execution...
CVE-2023-46221
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service DoS or code execution...
Insyde InsydeH2O Security Breach
Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in the Insyde InsydeH2O kernel versions 5.0 to 5.5, which...
CVE-2023-22025
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition:...
Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing
An out-of-bounds OOB write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...
Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing
An out-of-bounds OOB write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...
CVE-2023-28753
netconsd prior to v0.2 was vulnerable to an integer overflow in its parsepacket function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data...
comrak 安全漏洞
Comrak is a CommonMark+GFM compatible Markdown parser and renderer by Asherah Connor, a personal developer. A security vulnerability exists in versions of comrak prior to 0.17.0 that stems from not validating attacker-controlled data in AST nodes...
CVE-2022-45437
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting XSS. A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload...
SUSE CVE-2019-16228
An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdbenvopen2 if mdbenvreadheader obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...
SUSE CVE-2020-6440
Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension...
SUSE CVE-2020-15676
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...
Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing
An out-of-bounds OOB write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...
thisAAY Lazy Mouse 安全漏洞
thisAAY Lazy Mouse is a mouse application from thisAAY. A security vulnerability exists in thisAAY Lazy Mouse that stems from the fact that it allows an attacker to view all data via a man-in-the-middle attack...
RelatedChat 安全漏洞
RelatedChat is an open source alternative communication platform for Related Code individual developers. A security vulnerability exists in RelatedChat. An attacker exploiting this vulnerability could access sensitive data of any user of the application...
httpd: mod_sed: Read/write beyond bounds
An out-of-bounds read/write vulnerability was found in the modsed module of httpd. This flaw allows an attacker to overwrite the memory of an httpd instance that is using modsed with data provided by the attacker...
Student Result or Employee Database < 1.8.0 - Unauthorised REST Calls
The plugin has a flawed permission callback in its REST endpoints, allowing unauthenticated attackers to call them and add/edit/delete arbitrary student for example PoC POST /wp-json/v2/ssradddata HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...