137 matches found
UBUNTU-CVE-2024-49760
OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. But when doing so in versions prior to 3.8.3, it does not check that the...
Agnaistic 安全漏洞
Agnaistic is a chatbot from Agnaistic Open Source. A security vulnerability exists in Agnaistic version 1.0.330 and earlier versions. An attacker can exploit this vulnerability to read arbitrary JSON files at any location on the server...
AZL-48412 CVE-2024-8006 affecting package nmap for versions less than 7.95-2
Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcapfindalldevsex. One of the function arguments can be a filesystem path, which normally means a directory with...
R Language Vulnerable to Arbitrary Code Execution via Malicious RDS Files (v1.4.0–<4.4.0)
...
PT-2024-26268 · Taurusxin · Ncmdump
Name of the Vulnerable Software and Affected Versions: taurusxin ncmdump version 1.3.2 Description: The issue allows attackers to cause a Denial of Service DoS via memory exhaustion by supplying a crafted .ncm file. Recommendations: For version 1.3.2, consider avoiding the use of crafted .ncm fil...
The vulnerability of the R programming language interpreter, related to deficiencies in the deserialization mechanism, allows attackers to execute arbitrary code in the target system.
The vulnerability of the R programming language interpreter is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the target system using specially created RDS and .rdx files...
DEBIAN-CVE-2024-27322
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user’s system when interacted...
CVE-2023-42520
Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client...
CVE-2023-42520
Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client...
CVE-2023-42520
Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client...
Code injection
Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client...
Code injection
Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Clien...
CVE-2023-42520
Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client...
CVE-2023-42520
Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client...
CVE-2023-42526
Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Clien...
CVE-2023-42526
Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Clien...
The vulnerability of Adobe Dimension’s 3D design software lies in the possibility of an operation going beyond the buffer boundaries in memory, allowing a hacker to execute arbitrary code.
The vulnerability of Adobe Dimension’s 3D design software relates to the execution of operations beyond the buffer boundaries in memory when processing USD files. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...
SUSE CVE-2021-42771
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via directory traversal, leading to code execution...
GO-2022-1040 Insufficient sanitization of data files in helm.sh/helm/v3
Helm does not sanitize all fields read from repository data files. A maliciously crafted data file may contain strings containing arbitrary data. If printed to a terminal, a malicious string could obscure or alter data on the screen...
[SECURITY] Fedora 36 Update: golang-github-axgle-mahonia-0-0.14.20181112git3358181.fc36
Mahonia is a character-set conversion library implemented in Go. All data is compiled into the executable; it doesn't need any external data files...