5834 matches found
GHSA-Q6MV-284R-MP36 check-jsonschema default caching for remote schemas allows for cache confusion
Impact The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attacker can get a user to run check-jsonschema against a malicious schema URL,...
The vulnerability of the deployment and model management software for deep learning in the Intel Distribution of OpenVINO Model Server lies in insufficient validation of input data, allowing attackers to trigger service failures.
The vulnerability of the deployment and model management software for deep learning in the Intel Distribution of OpenVINO Model Server is related to insufficient testing of input data. Exploiting this vulnerability can allow attackers to cause service failures...
CVE-2024-53848 check-jsonschema default caching for remote schemas allows for cache confusion
check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...
CVE-2024-53848
The CVE-2024-53848 issue affects the check-jsonschema tool (and related advisories) where the default caching uses the remote schema basename (e.g., https://example.org/schema.json) as the cache filename. This can allow a malicious schema URL to overwrite or be substituted in the cache leading to...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of user input in the "overwriteip" parameter, allowing untrusted data (JavaScript code) to be stored and executed in the application without proper validation or escaping...
CVE-2024-11803
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability ...
CVE-2024-11787
Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerabili...
IrfanView WBZ plugin WB1 file parsing out-of-bounds write remote code execution vulnerability
IrfanView is an image viewer. It supports image browsing, image editing, image format conversion and so on. IrfanView WBZ plugin WB1 file parsing suffers from an out-of-bounds write remote code execution vulnerability caused by a lack of proper validation of user-supplied data, which can be...
IrfanView DXF File Parsing Type Obfuscation Remote Code Execution Vulnerability
IrfanView is an image viewer. It supports image browsing, image editing, image format conversion and so on. A type-obfuscated remote code execution vulnerability exists in IrfanView DXF file parsing, which is caused by a lack of proper validation of user-supplied data and can be exploited by an...
IrfanView PSP File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability (CNVD-2024-46826)
IrfanView is an image viewer. It supports image browsing, image editing, image format conversion and so on. IrfanView PSP file parsing suffers from an out-of-bounds write remote code execution vulnerability caused by a lack of proper validation of user-supplied data, which can be exploited by an...
IrfanView SVG File Parsing Heap Buffer Overflow Remote Code Execution Vulnerability
IrfanView is an image viewer. It supports image browsing, image editing, image format conversion and so on. A heap buffer overflow remote code execution vulnerability exists in IrfanView SVG file parsing, which is caused by failing to properly validate the length of user-supplied data before...
Google Chrome Insufficient Data Validation Vulnerability - Windows
Google Chrome is prone to an insufficient data validation vulnerability.
CVE-2024-11803 Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability ...
CVE-2024-11803
CVE-2024-11803 affects Fuji Electric Tellus Lite V-Simulator 5, specifically the V-Simulator 5 (V8) file parsing component. The root cause is inadequate validation of the length of user-supplied data during V8 file parsing, leading to a write past the end of a fixed-length stack-based buffer. Thi...
CVE-2024-11801 Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability ...
CVE-2024-11793 Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in th...
CVE-2024-11789 Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerabili...
CVE-2024-9369
Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...