
71 matches found

Nuclei
added 6 days ago, 173 views

GeoServer <1.2.2 - Remote Code Execution

Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided via network request are susceptible to remote code execution. The Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects downstream GeoServer 1.1.22. id:...

10 CVSS, 7.6 AI score, 0.9402 EPSS
Exploits: 1, References: 5

OSV
added 2025/03/27 12:0 p.m., 0 views

USN-7378-1 ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-27830 It was discovered that Ghostscript incorrectly handled the...

9.8 CVSS, 7 AI score, 0.00212 EPSS
Exploits: 0, References: 8

NVD
added 2024/11/08 10:15 p.m., 10 views

CVE-2024-27528

wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution...

8.4 CVSS, 0.00131 EPSS
Exploits: 1, References: 2

CVE
added 2024/11/08 12:0 a.m., 45 views

CVE-2024-27528

CVE-2024-27528 affects wasm3 version 139076a with an Invalid Memory Read vulnerability that can cause Denial of Service and potentially Code Execution. Multiple sources (NVD, Red Hat, CNNVD, CVE listings, PT-security) corroborate the issue and describe the same root cause and impact. Exploitation...

8.4 CVSS, 6.8 AI score, 0.00131 EPSS
Exploits: 1, References: 2, Affected Software: 1

Tenable Nessus
added 2024/08/09 12:0 a.m., 131 views

AlmaLinux 8 : kernel-rt (ALSA-2024:5102)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:5102 advisory. kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463) kernel: tracing: Restructure trace_clock_global() to never block...

9.8 CVSS, 8.6 AI score, 0.00449 EPSS
Exploits: 3, References: 148

OSV
added 2024/07/20 7:17 a.m., 23 views

BIT-DOTNET-2024-35264 .NET and Visual Studio Remote Code Execution Vulnerability

.NET and Visual Studio Remote Code Execution Vulnerability...

8.1 CVSS, 8.2 AI score, 0.04361 EPSS
Exploits: 0, References: 3

Cvelist
added 2024/05/16 8:25 a.m., 16 views

CVE-2024-30307 Adobe Substance 3D Painter BMP File Parsing Out Of Bounds Write Vulnerability

Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 8 AI score, 0.00466 EPSS
Exploits: 0, References: 1

Microsoft CVE
added 2024/04/09 7:0 a.m., 38 views

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

...

8.8 CVSS, 7.3 AI score, 0.02382 EPSS
Exploits: 0

Prion
added 2024/01/19 8:15 p.m., 23 views

Code injection

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...

5.1 CVSS, 9.4 AI score, 0.02781 EPSS
Exploits: 0, References: 5, Affected Software: 2

Tenable Nessus
added 2023/03/21 12:0 a.m., 141 views

Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2023-060)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-060 advisory. A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clnt_create in the sunrpc's clnt_gen.c module of the GNU C Library (aka glibc) through 2.34. This vulnerability...

9.8 CVSS, 7.9 AI score, 0.00573 EPSS
Exploits: 1, References: 4

SUSE CVE
added 2023/02/15 5:49 a.m., 2 views

SUSE CVE-2012-0247

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image...

8.8 CVSS, 7.7 AI score, 0.04205 EPSS
Exploits: 0, References: 6

Github Security Blog
added 2022/11/21 10:34 p.m., 41 views

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml

Impact Any user with the right to edit his personal page can follow one of the scenario below: Scenario 1: - Log in as a simple user with just edit rights on the user profile - Go to the user's profile - Upload an attachment in the attachment tab at the bottom of the page any image is fine - Clic...

9.9 CVSS, 8.4 AI score, 0.05936 EPSS
Exploits: 1, References: 4, Affected Software: 1

Tenable Nessus
added 2022/10/18 12:0 a.m., 30 views

Debian dla-3153 : libksba-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3153 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3153-1 [email protected] https://www.debian.org/lts/security/...

9.8 CVSS, 7.5 AI score, 0.00164 EPSS
Exploits: 1, References: 4

Debian CVE
added 2022/07/28 8:41 p.m., 41 views

CVE-2021-41556

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read in the core interpreter that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all...

10 CVSS, 9.5 AI score, 0.02698 EPSS
Exploits: 1

Kaspersky
added 2022/07/28 12:0 a.m., 52 views

KLA12596 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Cast UI and Toolbar can be exploited to cause denial of service or...

8.8 CVSS, 8.8 AI score, 0.06824 EPSS
Exploits: 0, References: 5

NVD
added 2022/04/28 10:15 a.m., 12 views

CVE-2022-29815

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible...

6.9 CVSS, 0.00002 EPSS
Exploits: 0, References: 1

Debian
added 2022/01/26 7:52 p.m., 28 views

[SECURITY] [DSA 5063-1] uriparser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5063-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2022 https://www.debian.org/security/faq -...

5.5 CVSS, 6.3 AI score, 0.00116 EPSS
Exploits: 2

UbuntuCve
added 2021/09/20 4:15 p.m., 21 views

CVE-2021-39561

An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function Gfx::opSetFillColorN located in Gfx.cc. It allows an attacker to cause code Execution...

7.8 CVSS, 7.1 AI score, 0.00451 EPSS
Exploits: 1, References: 2

Cvelist
added 2021/09/20 3:26 p.m., 12 views

CVE-2021-32294

An issue was discovered in libgig through 20200507. A heap-buffer-overflow exists in the function RIFF::List::GetSubList located in RIFF.cpp. It allows an attacker to cause code Execution...

8.8 AI score, 0.00554 EPSS
Exploits: 1, References: 1

Debian CVE
added 2021/09/20 3:26 p.m., 15 views

CVE-2021-32286

An issue was discovered in hcxtools through 6.1.6. A global-buffer-overflow exists in the function pcapngoptionwalk located in hcxpcapngtool.c. It allows an attacker to cause code Execution...

7.8 CVSS, 7.5 AI score, 0.00446 EPSS
Exploits: 1