Lucene search

197 matches found

Positive Technologies
added 2023/12/01 12:0 a.m. · 2 views

PT-2023-8682 · Unknown · Scalefusion

Name of the Vulnerable Software and Affected Versions: ScaleFusion versions 10.5.2 through 10.5.6
Description: The issue is related to insufficient access control in the isolated environment of Scalefusion MDM Agent, which can be exploited to impact the confidentiality, integrity, and availabilit...

8.8 CVSS · 8.5 AI score · 0.00098 EPSS
Exploits: 1 · References: 11
Hacker One
added 2023/10/16 3:13 p.m. · 34 views

Nextcloud: Self XSS when pasting HTML into Text app with Ctrl+Shift+V

A vulnerability was found where pasting HTML into the Text app using Ctrl+Shift+V would insert the HTML into the page, allowing for a potential XSS attack...

5.4 CVSS · 5.4 AI score · 0.00386 EPSS
Exploits: 0
CNNVD
added 2023/10/11 12:0 a.m. · 2 views

Google Pixel Buffer Error Vulnerability

Google Pixel is a smartphone from Google, Inc. in the United States. Google Pixel suffers from a security vulnerability that stems from an incorrect boundary check in the ctrlroi method of stmvl53l1module.c, which may result in an out-of-bounds read. This could result in local privilege escalatio...

6.7 CVSS · 7 AI score · 0.00025 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2023/08/14 12:0 a.m. · 12 views

CVE-2023-40292

Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets...

7 AI score · 0.00066 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2023/06/21 12:0 a.m. · 4 views

PT-2023-3421 · Tp Link · Tp-Link Tl-Wr941Nd +3

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR940N versions V2 through V4; TP-Link TL-WR941ND versions V5 through V6; TP-Link TL-WR743ND version V1; TP-Link TL-WR841N version V8
Description: The issue is related to a buffer overflow in the /userRpm/AccessCtrlAccessTargetsRpm...

7.7 CVSS · 7 AI score · 0.0013 EPSS
Exploits: 1 · References: 6
wpexploit
added 2023/05/16 12:0 a.m. · 140 views

Photo Gallery by Ays < 5.1.7 - Reflected XSS

The plugin does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open one of the URLs below v 5.1.7 -...

6.1 CVSS · 8.7 AI score · 0.00162 EPSS
Exploits: 2
Citrix
added 2023/04/17 12:0 a.m. · 4 views

Linux Client Shortcut Key Ctrl+Alt+Enter will work as Ctrl+Alt+Delete in Linux VDA

Normally, Ctrl+Alt+Enter from a Windows Client will change xfreerdp from "Window Mode" to "Full Screen" and vice versa in a Linux VDA's ICA session. However, on a Linux Client the same shortcut key Ctrl+Alt+Enter will work as Ctrl+Alt+Delete to the application xfreerdp in a Linux VDA's ICA sessio...

7 AI score
Exploits: 0
SUSE CVE
added 2023/02/15 4:55 a.m. · 2 views

SUSE CVE-2016-9801

In BlueZ 5.42, a buffer overflow was observed in "setextctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file...

5.3 CVSS · 7.4 AI score · 0.00387 EPSS
Exploits: 1 · References: 7
GithubExploit
added 2023/02/04 10:42 p.m. · 196 views

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Linux Linux_Kernel

Bypassing Spectre-BTI User Space Mitigations on Linux Th...

7.5 CVSS · 5.5 AI score · 0.00277 EPSS
Exploits: 3
OSV
added 2023/01/17 5:49 p.m. · 10 views

GSD-2023-1000569 nvme-auth: don't override ctrl keys before validation

nvme-auth: don't override ctrl keys before validation This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...

7.2 AI score
Exploits: 0
CNVD
added 2022/12/14 12:0 a.m. · 31 views

Siemens SIMATIC WinCC OA Ultralight Client Parameter Injection Vulnerability

SIMATIC WinCC Open Architecture OA is part of the SIMATIC HMI family. It is designed for applications that require a high degree of customer-specific adaptability, large or complex applications, and projects that require specific system requirements or functionality. A parameter injection...

5.4 CVSS · 5.5 AI score · 0.00193 EPSS
Exploits: 0 · References: 1
UbuntuCve
added 2022/11/25 2:15 p.m. · 61 views

CVE-2022-4141

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command...

7.8 CVSS · 7.3 AI score · 0.00047 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2022/11/25 12:0 a.m. · 8 views

CVE-2022-4141 Heap-based Buffer Overflow in vim/vim

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command...

7.3 CVSS · 7.8 AI score · 0.00047 EPSS
Exploits: 1 · References: 6
OpenVAS
added 2022/11/21 12:0 a.m. · 19 views

SUSE: Security Advisory (SUSE-SU-2022:4085-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 8 AI score · 0.00419 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2022/11/10 12:0 a.m. · 23 views

CVE-2022-45063

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions...

7.3 AI score · 0.14033 EPSS
Exploits: 1 · References: 11
CVE
added 2022/11/10 12:0 a.m. · 162 views

CVE-2022-45063

CVE-2022-45063 affects the xterm terminal emulator, where code execution could occur via font operations, specifically OSC 50 responses that may carry Ctrl‑g and enable command execution within the vi line editing mode of Zsh. Affected: xterm prior to version 375. Several connected advisories ind...

9.8 CVSS · 9.4 AI score · 0.14033 EPSS
Exploits: 1 · References: 13 · Affected Software: 1
Citrix
added 2022/08/12 12:0 a.m. · 7 views

Hotkey "CTRL+Break" does not work on Windows VDA through Citrix Workspace app for Linux Clients

The CTRL+Break hotkey does not work if we launch a Windows VDA session from a Citrix Workspace for Linux client.
Steps to reproduce the issue:
1. Open the Windows Command Prompt in the Windows VDA session from Citrix Workspace for Linux client.
2. Run the "ping -t google.com" command
3. Press the...

7.2 AI score
Exploits: 0
Positive Technologies
added 2022/08/05 12:0 a.m. · 2 views

PT-2022-16414 · Tcl · Tcl Linkhub Mesh Wi-Fi

Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14
Description: A buffer overflow vulnerability exists in the GetValue functionality. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to...

9.8 CVSS · 9.5 AI score · 0.0057 EPSS
Exploits: 1 · References: 5
OSV
added 2022/04/01 12:0 a.m. · 21 views

ASB-A-205837191

In avrcctrlparsvendorrsp of avrcparsct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5 CVSS · 7.1 AI score · 0.00289 EPSS
Exploits: 0 · References: 2
CloudLinux
added 2021/12/27 4:8 p.m. · 41 views

Fix of CVE: CVE-2021-3973, CVE-2021-3974, CVE-2021-4019, CVE-2021-4069, CVE-2021-3984

- CVE-2021-3974: fix using freed memory with regexp using a mark
- CVE-2021-3984: fix illegal memory access when C-indenting
- CVE-2021-3973: fix crash when using CTRL-W f without finding a file name
- CVE-2021-4019: fix buffer overflow with long help argument
- CVE-2021-4069: fix using freed...

9.3 CVSS · 1.2 AI score · 0.00358 EPSS
Exploits: 5 · References: 1