16 matches found

Zero Day Initiative
added 2025/08/21 12:0 a.m., 3 views

Axis Communications Autodesk Plugin AzureBlobRestAPI axiscontentfiles Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Axis Communications Autodesk Plugin. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a cloud resource. The issue results from allowi...

8.8 CVSS, 7.8 AI score
Exploits 0, References 1

RedHat Linux
added 2025/07/07 2:28 a.m., 1 view

webkitgtk: memory corruption issue leading to arbitrary code execution

A flaw was found in webkitgtk. Improper input validation leads to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or perform arbitrary code execution...

8.8 CVSS, 6 AI score, 0.00984 EPSS
Exploits 0, References 5

RedHat Linux
added 2025/07/07 2:28 a.m., 1 view

webkitgtk: Memory corruption issue leading to arbitrary code execution

A flaw was found in webkitgtk. The vulnerability occurs due to improper input validation, leading to memory corruption. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution...

8.8 CVSS, 6 AI score, 0.00307 EPSS
Exploits 0, References 5

Cvelist
added 2024/12/09 9:11 p.m., 13 views

CVE-2024-55601 Hugo does not escape some attributes in internal templates

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below are not escaped in internal render hooks. Those who are impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3 CVSS, 0.0038 EPSS
Exploits 0, References 4

OSV
added 2024/04/23 9:15 p.m., 1 view

DEBIAN-CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images are not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

6.1 CVSS, 6.2 AI score, 0.00211 EPSS
Exploits 0, References 1

Prion
added 2023/10/19 2:15 p.m., 17 views

Path traversal

A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach...

4 CVSS, 6.3 AI score, 0.00194 EPSS
Exploits 0, References 4, Affected Software 2

CNNVD
added 2023/07/27 12:0 a.m., 1 view

Kirby security vulnerability

Kirby is a file-based content management system (CMS). A security vulnerability exists in Kirby versions 3.5.8.2 and earlier, 3.6.0 through 3.6.6.2, 3.7.0 through 3.7.5.1, 3.8.0 through 3.8.4, and 3.9.0 through 3.9.5, which stems from a vulnerability that allows an external visitor to update Kirby...

8.8 CVSS, 7.9 AI score, 0.00093 EPSS
Exploits 0, References 8

Tenable Nessus
added 2023/05/14 12:0 a.m., 37 views

AlmaLinux 9 : webkit2gtk3 (ALSA-2023:2653)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2653 advisory. - A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network...

8.8 CVSS, 8.4 AI score, 0.00125 EPSS
Exploits 0, References 2

RedHat Linux
added 2023/05/09 9:52 a.m., 2 views

webkitgtk: memory disclosure issue was addressed with improved memory handling

A flaw was found in webkitgtk. Improper input validation leads to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or perform arbitrary code execution...

6.5 CVSS, 6 AI score, 0.00993 EPSS
Exploits 0, References 5

RedHat Linux
added 2023/05/09 9:52 a.m., 3 views

webkitgtk: memory corruption issue leading to arbitrary code execution

A flaw was found in webkitgtk. Improper input validation leads to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or perform arbitrary code execution...

8.8 CVSS, 6 AI score, 0.00722 EPSS
Exploits 0, References 5

RedhatCVE
added 2023/05/05 8:51 a.m., 44 views

CVE-2023-2203

A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of...

8.8 CVSS, 8.6 AI score, 0.00125 EPSS
Exploits 0, References 3

RedhatCVE
added 2022/12/30 5:35 a.m., 59 views

CVE-2022-42867

A flaw was found in webkitgtk. Improper input validation leads to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or perform arbitrary code execution...

8.8 CVSS, 8.6 AI score, 0.05191 EPSS
Exploits 2, References 4

RedHat Linux
added 2022/11/15 1:26 p.m., 2 views

webkitgtk: Memory corruption issue leading to arbitrary code execution

A flaw was found in webkitgtk. The vulnerability occurs due to improper input validation, leading to memory corruption. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution...

8.8 CVSS, 6 AI score, 0.00307 EPSS
Exploits 0, References 5

RedhatCVE
added 2022/01/24 6:39 p.m., 34 views

CVE-2021-30936

A use after free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted web content files causing an application to halt, crash, or may lead to arbitrary code execution...

8.8 CVSS, 3.5 AI score, 0.00937 EPSS
Exploits 0, References 4

Exploit DB
added 2017/10/17 12:0 a.m., 55 views

OpenText Documentum Content Server - Arbitrary File Download

!/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains following design gap, which allows authenticated user to download arbitrary content files regardless attacker's repository permissions: when authenticated user upload content to...

4.3 CVSS, 4.7 AI score, 0.04291 EPSS
Exploits 4

0day.today
added 2017/10/15 12:0 a.m., 45 views

Opentext Documentum Content Server File Download Exploit

Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains a design gap that allows authenticated user to download arbitrary content files regardless of the attacker's repository permissions. !/usr/bin/env python Opentext Documentum Content Server formerly known a...

4 CVSS, 5.3 AI score, 0.04291 EPSS
Exploits 4