31 matches found
SUSE CVE-2026-40334
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...
CVE-2026-40339
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 842. The function reads the FormFlag byte via dtoh8odata, poffset without a prior bounds check. The standard ptpunpackDPD at lines...
CLSA-2026-1767950442 git: Fix of CVE-2024-32021
CVE-2024-32021: checking whether the hardlinked destination file matches the source file and abort in case it doesn't...
CVE-2021-47705 CNC_Ctrl DllUnregisterServer Access Violation
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNCCtrl.dll to cause heap...
COMMAX UMS Client ActiveX Control 缓冲区错误漏洞
COMMAX UMS Client ActiveX Control is a browser plug-in from the Korean company COMMAX. A buffer error vulnerability exists in COMMAX UMS Client ActiveX Control version 1.7.0.2, which stems from a heap buffer overflow issue in CNCCtrl.dll that could lead to the execution of arbitrary code...
CVE-2025-54533
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration...
Important: glibc
Issue Overview: Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to...
CVE-2023-24844
CVE-2023-24844 involves memory corruption in the Core when invoking the Access Control core library with a hardware-protected address range. Affected product area: Qualcomm components (closed‑source). The description consistently states memory corruption as the issue; no concrete exploitation det...
Qualcomm Chip Security Breach
A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and from time to time are manufactured on the surface of semiconductor wafers. The Qualcomm chip suffers from a security vulnerability that stem...
CVE-2022-23457
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPathString, String, File, boolean may incorrectly treat the tested input string as a child of the specified...
CVE-2022-23457
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPathString, String, File, boolean may incorrectly treat the tested input string as a child of the specified...
Design/Logic Flaw
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPathString, String, File, boolean may incorrectly treat the tested input string as a child of the specified...
CVE-2022-23457
CVE-2022-23457 affects ESAPI (OWASP Enterprise Security API) Java legacy. The default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) before version 2.3.0.0 may treat the input string as a child of the specified parent directory, potentially bypassing control-flow...
CVE-2022-23457 Path Traversal in ESAPI
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPathString, String, File, boolean may incorrectly treat the tested input string as a child of the specified...
Microsoft Windows Common Control Library CVE-2019-0765 Remote Code Execution Vulnerability
Description Microsoft Windows Common Control Library 'Comctl32.dll' is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service...
CVE-2017-12969
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service heap corruption and crash or execute arbitrary code via a long string to the open method...
MS13-083: Vulnerability in Windows Common Control Library could allow remote code execution: October 8, 2013
MS13-083: Vulnerability in Windows Common Control Library could allow remote code execution: October 8, 2013 INTRODUCTION Microsoft has released security bulletin MS13-083. To view the complete security bulletin, go to one of the following Microsoft websites: Home users:...
[SECURITY] Fedora 20 Update: owasp-esapi-java-2.1.0-2.fc20
OWASP ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library that makes it easier for programme rs to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing...
'libcdio' 0.7x GNU Compact Disc Input and Control Library Buffer Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/27131/info The GNU Compact Disc Input and Control Library 'libcdio' is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. The issues occur when th...
MS13-083: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058)
The remote host has an integer overflow vulnerability in the Windows Common Control Library. The vulnerability could allow remote code execution if an attacker sends a specially crafted web request to an ASP.NET web application running on an affected system. An attacker could exploit this...