108 matches found
SUSE CVE-2006-1608
The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI...
SUSE CVE-2017-8361
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file...
SUSE CVE-2018-11237
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper...
SUSE CVE-2018-13875
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c...
SUSE CVE-2018-14031
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c...
SUSE CVE-2022-1998
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user call to fail in copy_event_to_user. A local user could use this flaw to crash the system or potentially escalate their privileges on the system...
SUSE CVE-2023-0242
Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. Th...
Velociraptor vulnerable to Missing Authorization
Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. Th...
CVE-2023-0242
Technical details (affected components, versions, exploit steps, mitigations) for CVE-2023-0242 are not provided in the connected documents. Monitor for updates from authoritative sources to obtain concrete technical details and remediation guidance.
PT-2023-16105 · Unknown · Velociraptor
Name of the Vulnerable Software and Affected Versions: Velociraptor versions prior to 0.6.7-5 Description: The issue allows a low privilege user to overwrite files on the server, including Velociraptor configuration files, due to the VQL copy function not checking for permission to write files. T...
PT-2022-36799 · Git +1 · Relic
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow WRITE crash has been reported, involving functions such as dv_copy, bn_lsh, and cryptofuzz::module::relic_bignum::LShift1::Run...
XPDF Buffer Error Vulnerability
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. XPDF v4.04 has a security vulnerability; the vulnerability stems from the fact that the attacker can, through its xpdf/Stream.cc component of the...
AZL-38290 CVE-2022-37616 affecting package python-tensorboard for versions less than 2.16.2-1
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties take the positio...
DEBIAN-CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties take the positio...
UBUNTU-CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties take the positio...
XMLDOM Security Vulnerability
XMLDOM is a JavaScript implementation of the W3C DOM for Node by the individual developer jindw. A security vulnerability exists in XMLDOM versions prior to 0.8.3, which stems from the discovery that the p variable of the copy function of the dom.js of the XMLDOM package contains a prototype...
PT-2022-24028 · Npm +2 · @Xmldom/Xmldom +2
Name of the Vulnerable Software and Affected Versions: @xmldom/xmldom versions prior to 0.8.3 Description: A prototype pollution vulnerability exists in the function copy in dom.js via the p variable. This issue is disputed by the vendor and some third parties, with attempts to create a proof of...
PT-2022-22499 · Unknown +4 · Advancecomp +4
Name of the Vulnerable Software and Affected Versions: Advancecomp version 2.3 Description: A heap buffer overflow issue was discovered in Advancecomp via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. This issue affects the specified version of...
CVE-2021-41834
JFrog Artifactory prior to version 7.28.0 and 6.23.38 is vulnerable to Broken Access Control: the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation...
JFrog Artifactory Security Vulnerability
JFrog Artifactory is an open source, general-purpose artifact repository manager from Israel's JFrog that supports clustering and high-availability Docker registries, and provides an end-to-end solution for tracking artifact automation from development to production. A security vulnerabilit...