PT-2024-32858 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.0 Description: This issue is related to a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from...

Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function

The heap-buffer-overflow is triggered in the strlen function when handling the ccharstostr function in the dbn crate. This vulnerability occurs because the CStr::fromptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...

GHSA-PFR9-2P92-QRHQ Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function

The heap-buffer-overflow is triggered in the strlen function when handling the ccharstostr function in the dbn crate. This vulnerability occurs because the CStr::fromptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...

Autodesk Navisworks Freedom Installed (Windows)

Binary data autodesknavisworksfreedomwininstalled.nbin...

Autodesk Navisworks Manage Installed (Windows)

Binary data autodesknavisworksmanagewininstalled.nbin...

Autodesk Navisworks Simulate Installed (Windows)

Binary data autodesknavisworkssimulatewininstalled.nbin...

CVE-2024-47046

A vulnerability has been identified in Simcenter Femap V2306 All versions, Simcenter Femap V2401 All versions, Simcenter Femap V2406 All versions. The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in...

CVE-2024-21533

All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...

CVE-2024-21533

All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...

CVE-2024-21533

GGIT is affected across all versions by Arbitrary Argument Injection via the clone() API. The root cause is failure to sanitize user input and validate URL schemes, plus improper handling of git command-line flags (using -- to end options). Public details include a PoC from Snyk and a GitHub gist...

CVE-2024-21533

All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...

CVE-2024-8927

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, HTTPREDIRECTSTATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...

CVE-2024-8927

CVE-2024-8927 affects PHP CGI: in PHP 8.1.x/8.2.x/8.3.x, the CGI wrapper relies on the HTTP_REDIRECT_STATUS variable to determine if a CGI binary is run by the server. In some configurations this value can be influenced by HTTP headers, bypassing cgi.force_redirect and potentially enabling arbitr...

CVE-2024-8927

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, HTTPREDIRECTSTATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...

FastStone Image Viewer Installed (Windows)

Binary data faststoneimageviewerinstalled.nbin...

PostgreSQL pgAdmin4 Installed (Windows)

Binary data postgresqlpgadmin4wininstalled.nbin...

Progress Telerik UI for WinForms Installed

Binary data progresstelerikuiforwinformsinstalled.nbin...

PostgreSQL pgAdmin4 Installed (macOS)

Binary data postgresqlpgadmin4macosinstalled.nbin...

CVE-2024-41511

A Path Traversal Local File Inclusion vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter...

SUSE CVE-2024-42415

An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library libgsf. A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector...