625 matches found
Memory corruption
Memory corruption in wearables while processing data from AON...
PT-2024-12400 · Wearables · Wearables
Name of the Vulnerable Software and Affected Versions: Wearables affected versions not specified Description: The issue is related to memory corruption in wearables when processing data from AON. Recommendations: At the moment, there is no information about a newer version that contains a fix for...
Information Leakage Vulnerability in Some Huawei Products (huawei-sa-20200219-01-leak)
There is an information leakage vulnerability in some Huawei products. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2023-6721
An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...
CVE-2023-6721
CVE-2023-6721 is an XML External Entity (XXE) vulnerability in Repox that affects the XML data processing in the fileupload function, enabling a remote attacker to cause interaction with the server’s filesystem. Public sources consistently describe this as an XXE issue with high impact. CNNVD not...
CVE-2023-6721 Improper Restriction of XML External Entity Reference in Repox
An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...
PT-2023-36081 · Repox · Repox
Name of the Vulnerable Software and Affected Versions: Repox affected versions not specified Description: A vulnerability has been found that allows a remote attacker to interfere with the application's XML data processing in the fileupload function. This results in interaction between the attack...
Apache NiFi cross-site scripting vulnerability (CNVD-2023-9665850)
Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. Apache NiFi suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and...
Xxe
A vulnerability has been identified in Siemens OPC UA Modelling Editor SiOME All versions V2.8. Affected products suffer from a XML external entity XXE injection vulnerability. This vulnerability could allow an attacker to interfere with an application's processing of XML data and read arbitrary...
Apache Arrow Deserialization Vulnerability
Apache Arrow is a cross-language development platform for in-memory data processing from the U.S. Apache Apache Foundation. The platform supports programming languages such as C, C++, C, Go and Java, and provides features such as inter-process communication. A deserialization vulnerability exists...
ROS-20231109-01
Go programming language vulnerability is related to insecure external control of critical state data state when processing the setuid and setgid attributes. Exploitation of the vulnerability could allow an attacker, acting remotely, escalate their privileges and gain access to read, modify, or...
PT-2023-24164 · Audio · Audio
Name of the Vulnerable Software and Affected Versions: Audio affected versions not specified Description: The issue is related to memory corruption in the Audio component when processing VOC packet data from ADSP. Recommendations: At the moment, there is no information about a newer version that...
MediaTek Chip Security Breach
The MediaTek chips are a variety of MediaTek chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips due to a lack of valid range checking in the dpe module, which may allow out-of-bounds writes...
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-2947)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2023-5935 · Microsoft · Message Queuing +1
Name of the Vulnerable Software and Affected Versions: Microsoft Message Queuing MSMQ affected versions not specified Description: The issue is related to errors in processing input data in the Message Queuing component of the Windows operating system. It allows remote attackers to execute...
PT-2023-5936 · Microsoft · Message Queuing +1
Name of the Vulnerable Software and Affected Versions: Microsoft Message Queuing MSMQ affected versions not specified Description: The issue is related to errors in processing input data in the Windows operating system's message queuing component. This can allow an attacker to execute arbitrary...
PT-2023-5934 · Microsoft · Windows Message Queuing +2
Name of the Vulnerable Software and Affected Versions: Windows Message Queuing versions affected versions not specified Microsoft Message Queuing MSMQ affected versions not specified Description: The issue is related to errors in processing input data in the Windows operating system's message...
PT-2023-5930 · Microsoft · Message Queuing +1
Name of the Vulnerable Software and Affected Versions: Microsoft Message Queuing MSMQ versions affected versions not specified Description: The issue is related to errors in processing input data in the Message Queuing component of the Windows operating system. It allows remote attackers to execu...
PT-2023-5456 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to incorrect data processing in Microsoft Edge, allowing a remote attacker to perform a spoofing attack. Recommendations: At the moment, there is ...
CVE-2023-4863
A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this...