423 matches found

OSV
added 2023/06/19 5:15 a.m. · 4 views

CVE-2023-34641

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print which can then be used to open an unprivileged command prompt...

7.8 CVSS · 5.8 AI score · 0.00221 EPSS
Exploits 0 · References 3

Vulnrichment
added 2023/06/19 12:0 a.m. · 6 views

CVE-2023-34641

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print which can then be used to open an unprivileged command prompt...

7.5 AI score · 0.00221 EPSS
Exploits 0 · References 3

Cvelist
added 2023/06/19 12:0 a.m. · 10 views

CVE-2023-34642

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker which can then be used to open an unprivileged command prompt...

8 AI score · 0.00317 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/06/19 12:0 a.m. · 4 views

PT-2023-24963 · Unknown · Kioware For Windows

Name of the Vulnerable Software and Affected Versions: KioWare for Windows versions through 8.33
Description: The issue is related to an incomplete blacklist filter for blocked dialog boxes on Windows 10. Attackers can exploit this by opening a file dialog box via the window.print function, which...

7.8 CVSS · 7.4 AI score · 0.00221 EPSS
Exploits 0 · References 8

Positive Technologies
added 2023/06/19 12:0 a.m. · 3 views

PT-2023-24964 · Microsoft · Windows 10

Name of the Vulnerable Software and Affected Versions: KioWare for Windows versions through 8.33
Description: The issue is related to an incomplete blacklist filter for blocked dialog boxes on Windows 10, allowing attackers to open a file dialog box via the showDirectoryPicker function. This can...

7.8 CVSS · 7.3 AI score · 0.00317 EPSS
Exploits 0 · References 8

Cvelist
added 2023/06/19 12:0 a.m. · 24 views

CVE-2023-34641

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print which can then be used to open an unprivileged command prompt...

8 AI score · 0.00221 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/06/16 12:0 a.m. · 6 views

PT-2023-20206 · Zte · Zte Androidtv Stbs

Name of the Vulnerable Software and Affected Versions: ZTE AndroidTV STBs, affected versions not specified
Description: The issue is related to improper permission settings, allowing non-privileged applications to perform protected functions. This could lead to the clearance of personal data and...

7.7 CVSS · 6.4 AI score · 0.00207 EPSS
Exploits 0 · References 3

CNNVD
added 2023/06/16 12:0 a.m. · 5 views

ZTE AndroidTV STBs security vulnerability

ZTE AndroidTV STBs is an Ultra HD set-top box from China's ZTE Corporation (ZTE). The ZTE AndroidTV STBs suffers from a security vulnerability that stems from improper privilege settings. An attacker exploiting this vulnerability could erase personal data and applications from a user's device...

7.7 CVSS · 7.4 AI score · 0.00207 EPSS
Exploits 0 · References 2

Patchstack
added 2023/05/29 12:0 a.m. · 13 views

WordPress Drop Shadow Boxes Plugin <= 1.7.10 is vulnerable to Cross Site Scripting (XSS)

Software: Drop Shadow Boxes · Type: Plugin · Vulnerable versions: <= 1.7.10 · Fixed in: 1.7.11 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-23833 · Patch priority: Low · CVSS severity: Low (6.5) · PSID: a337a4af3925 · Credits: István Márton...

6.5 CVSS · 5.8 AI score · 0.00337 EPSS
Exploits 0 · References 1 · Affected Software 1

Microsoft KB
added 2023/05/09 7:0 a.m. · 29 views

Description of the security update for Excel 2013: May 9, 2023 (KB5002384)

Summary: This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-24953. Note: To apply this...

7.8 CVSS · 8.3 AI score · 0.00705 EPSS
Exploits 0

Huntr
added 2023/04/19 9:22 p.m. · 10 views

CSRF Leading to reset Boxes

Description: Hello everyone, during my testing on LimeSurvey's admin demo, it's found that the Boxes part of the application is vulnerable to CSRF affecting reset boxes functionality, meaning that if an admin created some boxes an attacker could trick the admin to reset the boxes by following a lin...

6.8 AI score
Exploits 0

OSV
added 2023/04/12 2:2 p.m. · 10 views

OSV-2023-298 UNKNOWN READ in active_edges

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57884 Crash type: UNKNOWN READ Crash state: activeedges intersect cairoboxesintersect...

7.2 AI score
Exploits 0 · References 1

SUSE CVE
added 2023/02/15 5:56 a.m. · 2 views

SUSE CVE-2010-3818

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes...

9.3 CVSS · 7.8 AI score · 0.05829 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 5:56 a.m. · 2 views

SUSE CVE-2010-3819

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a...

9.3 CVSS · 7.8 AI score · 0.04448 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 5:51 a.m. · 2 views

SUSE CVE-2011-3036

Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document...

6.8 CVSS · 9.3 AI score · 0.01712 EPSS
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 5:51 a.m. · 5 views

SUSE CVE-2011-3068

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes...

6.8 CVSS · 9.5 AI score · 0.01893 EPSS
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 5:51 a.m. · 1 views

SUSE CVE-2011-3069

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes...

6.8 CVSS · 9.5 AI score · 0.0195 EPSS
Exploits 1 · References 2

SUSE CVE
added 2023/02/15 3:43 a.m. · 3 views

SUSE CVE-2021-29533

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.raw_ops.DrawBoundingBoxes. This is because the...

5.5 CVSS · 5.5 AI score · 0.00217 EPSS
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 3:24 a.m. · 1 views

SUSE CVE-2022-36001

TensorFlow is an open source platform for machine learning. When DrawBoundingBoxes receives an input boxes that is not of dtype float, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix wi...

7.5 CVSS · 8.1 AI score · 0.00379 EPSS
Exploits 0 · References 3

OSV
added 2023/02/10 7:15 p.m. · 1 views

CVE-2022-45766

Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes...

9.1 CVSS · 5.8 AI score · 0.00822 EPSS
Exploits 0 · References 1