
2842 matches found

SUSE CVE
added 2024/04/25 11:12 p.m. · 1 view

SUSE CVE-2024-22373

An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

8.1 CVSS · 7.5 AI score · 0.0021 EPSS
Exploits: 1 · References: 5
OSV
added 2024/04/25 3:16 p.m. · 1 view

DEBIAN-CVE-2024-22373

An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8 CVSS · 8.2 AI score · 0.0021 EPSS
Exploits: 1 · References: 1
OSV
added 2024/04/17 11:15 p.m. · 0 views

UBUNTU-CVE-2023-4235

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound...

8.1 CVSS · 5.8 AI score · 0.00138 EPSS
Exploits: 1 · References: 4
OSV
added 2024/04/17 11:15 p.m. · 0 views

UBUNTU-CVE-2023-4234

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound...

8.1 CVSS · 5.8 AI score · 0.00145 EPSS
Exploits: 1 · References: 3
CNNVD
added 2024/04/17 12:0 a.m. · 2 views

oFono security vulnerability

oFono is an open source telephony communication framework open-sourced by UBports. A security vulnerability exists in oFono versions prior to 2.1, which stems from a stack overflow error triggered by the decode_submit_report function during SMS decoding...

8.1 CVSS · 7.9 AI score · 0.00145 EPSS
Exploits: 1 · References: 3
CNNVD
added 2024/04/17 12:0 a.m. · 1 view

oFono security vulnerability

oFono is an open source telephony communication framework open-sourced by UBports. A security vulnerability exists in oFono versions prior to 2.1, which stems from a stack overflow error triggered by the decode_deliver_report function during SMS decoding...

8.1 CVSS · 7.9 AI score · 0.00138 EPSS
Exploits: 1 · References: 2
OSV
added 2024/04/12 4:15 a.m. · 2 views

CVE-2023-44854

Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file...

6.1 CVSS · 6.1 AI score · 0.0008 EPSS
Exploits: 1 · References: 1
OSV
added 2024/04/12 4:15 a.m. · 1 view

CVE-2023-44852

Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web file...

8.2 CVSS · 6.1 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2024/04/12 12:0 a.m. · 4 views

PT-2024-13203 · Cobham · Cobham Sailor Vsat Ku

Name of the Vulnerable Software and Affected Versions: Cobham SAILOR VSAT Ku version 164B019
Description: The issue is related to a Cross Site Scripting (XSS) vulnerability, which allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu w...

6.1 CVSS · 6.9 AI score · 0.0008 EPSS
Exploits: 1 · References: 3
NVD
added 2024/04/10 7:15 p.m. · 8 views

CVE-2024-31386

Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet...

4.3 CVSS · 4.6 AI score · 0.00468 EPSS
Exploits: 0 · References: 15
Vulnrichment
added 2024/04/10 6:47 p.m. · 8 views

CVE-2024-31386 Multiple WordPress themes affected by Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet...

4.3 CVSS · 5.1 AI score · 0.00468 EPSS
Exploits: 0 · References: 15
Patchstack
added 2024/04/10 8:36 a.m. · 2 views

WordPress Decode theme <= 3.15.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme Decode versions <= 3.15.3...

4.3 CVSS · 7 AI score · 0.00468 EPSS
Exploits: 0 · Affected Software: 1
Patchstack
added 2024/04/10 12:0 a.m. · 6 views

WordPress Decode Theme <= 3.15.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Decode; Type: Theme; Vulnerable versions: <= 3.15.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-31386; Patch priority: Low; CVSS severity: Low (4.3); PSID: cf688734f247; Credits: Dhabaleshwar Das; Required...

4.3 CVSS · 4.3 AI score · 0.00468 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
GitHub Security Blog
added 2024/04/04 9:30 p.m. · 50 views

net/http, x/net/http2: close connections when receiving too many headers

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5 CVSS · 7.1 AI score · 0.64852 EPSS
Exploits: 1 · References: 12 · Affected Software: 3
CVE
added 2024/04/04 8:37 p.m. · 2483 views

CVE-2023-45288

CVE-2023-45288 concerns an HTTP/2 HPACK processing issue where an attacker can force an endpoint to parse excessive HEADERS and CONTINUATION frames, potentially reading large, even Huffman-encoded, header data beyond intended bounds. The vulnerability arises when request headers exceed MaxHeaderB...

7.5 CVSS · 8.1 AI score · 0.64852 EPSS
Exploits: 1 · References: 9
Positive Technologies
added 2024/04/03 12:0 a.m. · 3 views

PT-2024-40685 · Git +1 · Openh264

Name of the Vulnerable Software and Affected Versions: Open-source software (affected versions not specified)
Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the WelsDec::CWelsDecoder class, specifically in the ReorderPicturesInDisplay,...

6.8 AI score
Exploits: 0 · References: 2
Positive Technologies
added 2024/03/25 12:0 a.m. · 3 views

PT-2024-11215 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to an incorrect limit in the filelayout_decode_layout function, where the size of struct nfs_fh is two bytes too large, potentially leading to memory corruption. T...

7.8 CVSS · 6.7 AI score · 0.00223 EPSS
Exploits: 8 · References: 1076
OSV
added 2024/03/18 6:36 p.m. · 4 views

CLSA-2024-1710786990 Fix CVE(s): CVE-2024-0727

SECURITY UPDATE: Potential Denial of Service via processing maliciously formatted PKCS12 file - debian/patches/CVE-2024-0727.patch: Fix decode error causing NULL pointer in PKCS12_unpack_p7data, PKCS12_unpack_p7encdata, PKCS12_unpack_authsafes, SMIME_write_PKCS7, pkcs12_gen_mac and newpass_p12 functions -...

5.5 CVSS · 6.7 AI score · 0.00208 EPSS
Exploits: 0 · References: 1
SUSE CVE
added 2024/03/13 4:24 a.m. · 2 views

SUSE CVE-2023-52491

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run. In mtk_jpeg_probe, &jpeg->job_timeout_work is bound with mtk_jpeg_job_timeout_work. In mtk_jpeg_dec_device_run, if error happens in mtk_jpeg_set_dec_dst, it...

6.2 CVSS · 6.7 AI score · 0.00016 EPSS
Exploits: 0 · References: 3
CNNVD
added 2024/03/11 12:0 a.m. · 2 views

Google Pixel Security Breach

Google Pixel is a smartphone from Google Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a missing bounds check in the EUTRANLCSDecodeFacilityInformationElement method of the LPPLcsManagement.c file, which may result in out-of-bounds reads...

5.1 CVSS · 6.7 AI score · 0.00305 EPSS
Exploits: 0 · References: 3