6036 matches found

Positive Technologies
added 2023/10/03 12:0 a.m. · 2 views

PT-2023-6178 · Libxpm +10

Name of the Vulnerable Software and Affected Versions: libXpm affected versions not specified Description: The issue is related to a boundary condition within the XpmCreateXpmImageFromBuffer function of the libXpm library, which can lead to an out-of-bounds read error. This allows a local attacke...

CVSS 9.8 · AI score 6.9 · EPSS 0.07528
Exploits 3 · References 127

Positive Technologies
added 2023/10/03 12:0 a.m. · 4 views

PT-2023-6111 · Libx11 +10

Name of the Vulnerable Software and Affected Versions: libX11 affected versions not specified Description: A vulnerability was found in libX11 due to an integer overflow within the XCreateImage function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with...

CVSS 9.8 · AI score 7.9 · EPSS 0.07528
Exploits 3 · References 146

NVD
added 2023/09/27 7:15 p.m. · 10 views

CVE-2023-33972

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...

CVSS 8.8 · AI score 7.5 · EPSS 0.00524
Exploits 0 · References 1

Vulnrichment
added 2023/09/27 6:15 p.m. · 13 views

CVE-2023-33972 Privilege escalation from having CREATE access on a keyspace in Scylladb

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...

CVSS 7.2 · AI score 8.7 · EPSS 0.00524
Exploits 0 · References 1

Cvelist
added 2023/09/27 6:15 p.m. · 19 views

CVE-2023-33972 Privilege escalation from having CREATE access on a keyspace in Scylladb

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...

CVSS 7.2 · AI score 8.9 · EPSS 0.00524
Exploits 0 · References 1

OSV
added 2023/09/27 6:15 p.m. · 19 views

CVE-2023-33972 Privilege escalation from having CREATE access on a keyspace in Scylladb

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...

CVSS 7.2 · AI score 8.5 · EPSS 0.00524
Exploits 0 · References 3

CNNVD
added 2023/09/27 12:0 a.m. · 4 views

Scylla Security Breach

Scylla is a ScyllaDB open source real-time big data database compatible with Apache Cassandra and Amazon DynamoDB APIs. Scylla has a security vulnerability that stems from allowing an attacker with CREATE access to elevate to higher privileges...

CVSS 8.8 · AI score 6.8 · EPSS 0.00524
Exploits 0 · References 2

Tenable Nessus
added 2023/09/27 12:0 a.m. · 21 views

Amazon Linux 2 : libpq (ALASPOSTGRESQL12-2023-003)

The version of libpq installed on the remote host is prior to 12.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL12-2023-003 advisory. 2024-02-29: CVE-2021-23222 was added to this advisory. A man-in-the-middle attacker can inject false responses to...

CVSS 8.8 · AI score 7.6 · EPSS 0.11726
Exploits 0 · References 6

RedHat Linux
added 2023/09/26 2:59 p.m. · 0 views

nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()

A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...

CVSS 8.8 · AI score 7.1 · EPSS 0.01273
Exploits 0 · References 5

RedHat Linux
added 2023/09/26 2:56 p.m. · 3 views

nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()

A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...

CVSS 8.8 · AI score 7.1 · EPSS 0.01273
Exploits 0 · References 5

BDU FSTEC
added 2023/09/25 12:0 a.m. · 6 views

The vulnerability of the software for managing medical organizations like OpenEMR, related to deficiencies in access control, allows an intruder to view, create, and edit protected information.

The vulnerability of the software for managing medical organizations like OpenEMR is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to remotely view, create, and edit protected information...

CVSS 8.5 · AI score 6.8 · EPSS 0.00489
Exploits 1 · References 4 · Affected Software 1

OSV
added 2023/09/20 11:5 p.m. · 3 views

GHSA-C647-PXM2-C52W Vyper vulnerable to memory corruption in certain builtins utilizing `msize`

Impact In certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. - For rawcall, the argument buffer of the call can be corrupted, leading to incorrect calldata in the sub-context. - For createfromblueprint and createcopyof, the buffer f...

CVSS 8.1 · AI score 6 · EPSS 0.00696
Exploits 1 · References 7

OSV
added 2023/09/19 1:16 p.m. · 3 views

CVE-2022-47555

Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...

CVSS 8.8 · AI score 5.8 · EPSS 0.00984
Exploits 0 · References 1

Prion
added 2023/09/19 1:16 p.m. · 23 views

Command injection

UNSUPPORTED WHEN ASSIGNED Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...

CVSS 6.5 · AI score 8.9 · EPSS 0.00984
Exploits 0 · References 1 · Affected Software 2

Cvelist
added 2023/09/19 12:47 p.m. · 28 views

CVE-2022-47555 Improper Neutralization of Special Elements in Ormazabal products

Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...

CVSS 9.3 · AI score 9.6 · EPSS 0.00984
Exploits 0 · References 1

PyPA
added 2023/09/18 9:16 p.m. · 5 views

PYSEC-2023-306

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In version 0.3.9 and prior, under certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. For rawcall, the argument buffer of the call can be corrupted,...

CVSS 8.1 · AI score 7.1 · EPSS 0.00696
Exploits 1 · References 5 · Affected Software 1

OSV
added 2023/09/18 9:16 p.m. · 2 views

PYSEC-2023-306

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In version 0.3.9 and prior, under certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. For rawcall, the argument buffer of the call can be corrupted,...

CVSS 8.1 · AI score 7.2 · EPSS 0.00696
Exploits 1 · References 2

CNNVD
added 2023/09/18 12:0 a.m. · 5 views

Vyper Buffer Error Vulnerability

Vyper is the Pythonic smart contract language for EVM. A buffer error vulnerability exists in versions of Vyper prior to 0.3.10, which stems from the fact that the memory createfromblueprint and possibly createcopyof used by built-in functions can become corrupted under certain circumstances...

CVSS 8.1 · AI score 7 · EPSS 0.00696
Exploits 1 · References 4

OSV
added 2023/09/12 2:15 a.m. · 3 views

CVE-2023-41369

The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow do...

CVSS 4.3 · AI score 5.8 · EPSS 0.00414
Exploits 0 · References 2

NVD
added 2023/09/12 2:15 a.m. · 17 views

CVE-2023-41369

The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow do...

CVSS 4.3 · AI score 4.2 · EPSS 0.00414
Exploits 0 · References 2