52 matches found
Stack overflow
Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code...
Xlight FTP Buffer Error Vulnerability
Xlight FTP is a high-performance, easy-to-use FTP server from Xlight FTP. It makes file transfers secure and easy to use. A security vulnerability exists in Xlight FTP v3.9.3.2, caused by a stack-based buffer overflow. An attacker can exploit this...
Celery local privilege escalation vulnerability
Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryddetach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving...
GHSA-RPC6-H455-3RX5 Celery local privilege escalation vulnerability
Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryddetach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving...
Inefficient Regular Expression Complexity in fb55/nth-check
Description: I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in nth-check. It allows causing a denial of service when parsing crafted invalid CSS nth-checks. The ReDoS vulnerabilities of the regex are mainly due to the sub-pattern \s?:+-?\s\d+? with quantified...
Arbitrary Code Execution
Chromium is vulnerable to arbitrary code execution. The vulnerability exists through an out-of-bounds memory access in developer tools that allows an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...
CVE-2020-27974
NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUSSCMBlockStart.php?code= XSS...
CVE-2020-3138
A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by...
Cisco Enterprise NFV Infrastructure Software Remote Code Execution Vulnerability
A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by...
DEBIAN-CVE-2019-14486
GnuCOBOL 2.2 has a buffer overflow in cbevaluateexpr in cobc/field.c via crafted COBOL source code...
CVE-2019-14468
GnuCOBOL 2.2 has a buffer overflow in cbpushop in cobc/field.c via crafted COBOL source code...
GHSA-2MW7-WGGM-M6W3 Denial of Service in ethereumjs-vm
ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(mycode, 'hex')" attribute...
CVE-2018-1000661
jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in JsiLogMsg (jsiUtils.c:196) that can result in a crash due to a segmentation fault. This attack appears to be exploitable via the victim executing specially crafted JavaScript code. This vulnerability appears to have been...
CVE-2018-15185
PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows remote attackers to cause a denial of service (page update outage) via crafted PHP and JavaScript code in the "Current Position" field...
BSA-2018-522
Security Advisory ID: BSA-2018-522. Component: HW: CPU. Revision: 1.2: Interim. In total, security researchers disclosed three variants of CPU data cache timing abuse. The variants lead to vulnerabilities that take advantage of the implementation of speculative execution of instructions on many...
Product update: Virtuozzo 7.0 Update 5 (7.0.5-593)
The Update 5 for Virtuozzo 7.0 provides new features, security fixes as well as stability and usability bug fixes. Vulnerability id: PSBM-67221 A vulnerability was found in the signal handling in the Linux kernel. A local unprivileged user could cause a kernel crash general protection fault in th...
CVE-2017-5949
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory...
CVE-2016-10222
CVE-2016-10222 concerns an issue in WebKit’s JavaScriptCore: runtime/JSONObject.cpp in Safari Technology Preview Release 18 allows remote attackers to cause a denial of service (segmentation fault and crash) by crafting JavaScript that triggers a type confusion during JSON.stringify. The connecte...
Google Chrome Blink Content Misreference Vulnerability
Blink is a browser layout (rendering) engine jointly developed by Google Inc. (United States) and Opera Software (Norway). A content misreference vulnerability exists in the WebKit/Source/core/editing/VisibleUnits.cpp file in Blink used in versions prior to Google...
Design/Logic Flaw
The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517...