Lucene search
30 matches found

Positive Technologies
added 2025/12/15 12:0 a.m. | 4 views

PT-2025-51346

Name of the Vulnerable Software and Affected Versions: Autodesk products (affected versions not specified). Description: A specially designed SLDPRT file can trigger an Out-of-Bounds Read issue when processed by specific Autodesk products. Successful exploitation could lead to a program crash,...

CVSS 7.8 | AI score 6.9 | EPSS 0.00028
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-47490

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5.1 | EPSS 0.00029
Exploits: 0 | References: 3
Schneier on Security
added 2025/07/30 11:7 a.m. | 1 views

Measuring the Attack/Defense Balance

"Who's winning on the internet, the attackers or the defenders?" I'm asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain's latest Lawfare piece has amassed data. The essay provides the first framework for metrics about how we are all...

AI score 7.3
Exploits: 0
Amazon
added 2024/07/22 12:0 a.m. | 8 views

Important: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.1...

CVSS 7.4 | AI score 7 | EPSS 0.00977
Exploits: 0
Github Security Blog
added 2023/09/05 6:30 a.m. | 15 views

Index out of bounds leading to crash

ZPLGFA 1.1.1 allows attackers to cause a panic because of an integer index out of range during a ConvertToGraphicField call via an image of zero width. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence...

CVSS 5.5 | AI score 7.1 | EPSS 0.00036
Exploits: 1 | References: 4 | Affected Software: 1
Github Security Blog
added 2023/09/05 6:30 a.m. | 26 views

Crash when processing crafted TIFF files

Disintegration Imaging 1.6.2 allows attackers to cause a panic because of an integer index out of range during a Grayscale call via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequenc...

CVSS 5.5 | AI score 7 | EPSS 0.00045
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2023/09/05 5:15 a.m. | 4 views

CVE-2023-36307

ZPLGFA 1.1.1 allows attackers to cause a panic because of an integer index out of range during a ConvertToGraphicField call via an image of zero width. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence...

CVSS 5.5 | AI score 5.5 | EPSS 0.00036
Exploits: 1 | References: 1
Prion
added 2023/09/05 5:15 a.m. | 17 views

Integer overflow

DISPUTED ZPLGFA 1.1.1 allows attackers to cause a panic because of an integer index out of range during a ConvertToGraphicField call via an image of zero width. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence...

CVSS 1.9 | AI score 5.5 | EPSS 0.00036
Exploits: 1 | References: 1 | Affected Software: 1
UbuntuCve
added 2023/09/05 4:15 a.m. | 15 views

CVE-2023-36308

disintegration Imaging 1.6.2 allows attackers to cause a panic because of an integer index out of range during a Grayscale call via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequenc...

CVSS 5.5 | AI score 6.1 | EPSS 0.00045
Exploits: 1 | References: 3
Prion
added 2023/09/05 4:15 a.m. | 10 views

Design/Logic Flaw

DISPUTED disintegration Imaging 1.6.2 allows attackers to cause a panic because of an integer index out of range during a Grayscale call via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security...

CVSS 1.9 | AI score 5.3 | EPSS 0.00045
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2023/09/05 12:0 a.m. | 11 views

CVE-2023-36308

disintegration Imaging 1.6.2 allows attackers to cause a panic because of an integer index out of range during a Grayscale call via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequenc...

AI score 5.6 | EPSS 0.00045
Exploits: 1 | References: 3
Vulnrichment
added 2023/09/05 12:0 a.m. | 16 views

CVE-2023-36308

disintegration Imaging 1.6.2 allows attackers to cause a panic because of an integer index out of range during a Grayscale call via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequenc...

AI score 6.6 | EPSS 0.00045
Exploits: 1 | References: 3
CVE
added 2023/09/05 12:0 a.m. | 264 views

CVE-2023-36308

The CVE-2023-36308 entry concerns disintegration Imaging 1.6.2. Affected component: the scanner.go scan function, specifically the Grayscale path when processing crafted TIFF files. Root cause: an integer index out of range leads to a panic. Impact: the description notes it is unclear whether thi...

CVSS 5.5 | AI score 5.3 | EPSS 0.00045
Exploits: 1 | References: 4 | Affected Software: 1
Debian CVE
added 2023/09/05 12:0 a.m. | 11 views

CVE-2023-36308

disintegration Imaging 1.6.2 allows attackers to cause a panic because of an integer index out of range during a Grayscale call via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequenc...

CVSS 5.5 | AI score 5.3 | EPSS 0.00045
Exploits: 1
NVD
added 2023/06/02 11:15 a.m. | 12 views

CVE-2023-25780

It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence...

CVSS 5.7 | AI score 5.7 | EPSS 0.00066
Exploits: 0 | References: 1
Code423n4
added 2023/03/30 12:0 a.m. | 6 views

Missing critical check of amount minted tokens in stake() -> deposit()

Lines of code. Vulnerability details. Impact: No require to ensure that SfrxEth or WstEth is minted when calling in SafEth.sol stake - IDerivative.deposit function. Proof of Concept: In the deposit function in Reth.sol has a require statement to ensure that the token was actually minted. But there is ...

AI score 6.8
Exploits: 0
ATTACKERKB
added 2022/10/18 9:15 p.m. | 1 views

CVE-2022-39424

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful...

CVSS 8.1 | AI score 7.3 | EPSS 0.06785
Exploits: 0 | References: 3
GithubExploit
added 2022/10/16 11:37 a.m. | 311 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134 Installation Download the Python scri...

CVSS 9.8 | AI score 7.3 | EPSS 0.94408
Exploits: 75
Wired Threat Level
added 2022/10/07 7:20 p.m. | 11 views

The Uber Data Breach Conviction Shows Security Execs What Not to Do

Former Uber security chief Joe Sullivan’s conviction is a rare criminal consequence for an executive’s handling of a hack...

AI score 2.5
Exploits: 0
ATTACKERKB
added 2022/02/09 11:15 p.m. | 2 views

CVE-2022-22539

When a user opens a manipulated JPEG file format .jpg, 2d.x3d received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE...

CVSS 6.5 | AI score 6.8 | EPSS 0.00253
Exploits: 0 | References: 4 | Affected Software: 1