Lucene search

2842 matches found

Amazon
added 2023/09/25 12:00 a.m. · 4 views

Important: firefox

Issue Overview: Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough...

CVSS: 9.8 · AI score: 10 · EPSS: 0.06199
Exploits: 2

Metasploit
added 2023/09/13 7:51 p.m. · 476 views

Python Flask Cookie Signer

This is a generic module which can manipulate Python Flask-based application cookies. The Retrieve action will connect to a web server, grab the cookie, and decode it. The Resign action will do the same as above, but after decoding it, it will replace the contents with that in NEWCOOKIECONTENT,...

AI score: 6.9
Exploits: 0

Positive Technologies
added 2023/09/13 12:00 a.m. · 2 views

PT-2023-36008 · Git +1 · Libavc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a null-dereference read crash. Technical details about the crash include the functions isvcd parse inter slice data cavlc enh lyr...

AI score: 6.8
Exploits: 0 · References: 2

OSV
added 2023/09/12 2:00 p.m. · 7 views

OSV-2023-837 Heap-buffer-overflow in uint7_get_64

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62270 Crash type: Heap-buffer-overflow READ 1 Crash state: uint7_get_64 cram_huffman_decode_init cram_decoder_init...

AI score: 7.2
Exploits: 0 · References: 1

Positive Technologies
added 2023/09/12 12:00 a.m. · 2 views

PT-2023-36004 · Git +1 · Htslib

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash involves the uint7_get_64, cram_huffman_decode_init, and cram_decoder_init functions. No...

AI score: 7
Exploits: 0 · References: 2

Amazon
added 2023/09/07 12:00 a.m. · 4 views

Medium: libtiff

Issue Overview: A NULL pointer dereference flaw was found in Libtiff's LZWDecode function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a...

CVSS: 5.5 · AI score: 8.8 · EPSS: 0.00013
Exploits: 1

RedHat Linux
added 2023/09/05 6:37 p.m. · 57 views

Important: Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from th...

CVSS: 9.8 · AI score: 6.8 · EPSS: 0.56284
Exploits: 8 · References: 13

RedHat Linux
added 2023/09/05 6:37 p.m. · 1 views

decode-uri-component: improper input validation resulting in DoS

A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.00429
Exploits: 1 · References: 6

RedHat Linux
added 2023/09/05 9:11 a.m. · 3 views

kernel: buffer overflow in ceph file net/ceph/messenger_v2.c

A flaw was found in net/ceph/messenger_v2.c in the Linux Kernel. An integer signing error leads to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This issue occurs due to an untrusted length taken from a TCP packet in ceph_decode_32...

CVSS: 8.8 · AI score: 7.5 · EPSS: 0.15852
Exploits: 1 · References: 5

Positive Technologies
added 2023/08/25 12:00 a.m. · 2 views

PT-2024-21844

Name of the Vulnerable Software and Affected Versions: phpseclib versions 1.x through 1.0.22; phpseclib versions 2.x through 2.0.46; phpseclib versions 3.x through 3.0.35. Description: An issue was discovered in phpseclib when processing the ASN.1 object identifier of a certificate. A sub identifier m...

CVSS: 7.8 · AI score: 7 · EPSS: 0.00443
Exploits: 0 · References: 36

OSV
added 2023/08/17 9:30 p.m. · 15 views

GHSA-9V66-9239-CQV2 Jeecg-boot SQL Injection vulnerability

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions...

CVSS: 5.5 · AI score: 5.6 · EPSS: 0.00069
Exploits: 1 · References: 4

Github Security Blog
added 2023/08/17 9:30 p.m. · 28 views

Jeecg-boot SQL Injection vulnerability

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions...

CVSS: 5.5 · AI score: 7.6 · EPSS: 0.00069
Exploits: 1 · References: 4 · Affected Software: 1

ATTACKERKB
added 2023/08/17 7:15 p.m. · 0 views

CVE-2023-38905

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions...

CVSS: 5.5 · AI score: 5.8 · EPSS: 0.00069
Exploits: 1 · References: 3

OSV
added 2023/08/17 7:15 p.m. · 13 views

CVE-2023-38905

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions...

CVSS: 5.5 · AI score: 7.8
Exploits: 0 · References: 2

NVD
added 2023/08/17 7:15 p.m. · 6 views

CVE-2023-38905

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions...

CVSS: 5.5 · AI score: 5.8 · EPSS: 0.00069
Exploits: 1 · References: 2

Prion
added 2023/08/17 7:15 p.m. · 81 views

SQL injection

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions...

CVSS: 1.7 · AI score: 5.7 · EPSS: 0.00069
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2023/08/17 12:00 a.m. · 41 views

CVE-2023-38905

CVE-2023-38905 affects Jeecg-boot v3.5.0 and earlier. The issue is an SQL injection vulnerability that a local attacker can exploit to cause a denial of service, by injecting through functions such as Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE. The availa...

CVSS: 5.5 · AI score: 5.7 · EPSS: 0.00069
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2023/08/17 12:00 a.m. · 16 views

CVE-2023-38905

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions...

AI score: 6 · EPSS: 0.00069
Exploits: 1 · References: 2

Vulnrichment
added 2023/08/17 12:00 a.m. · 9 views

CVE-2023-38905

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions...

AI score: 7.8 · EPSS: 0.00069
Exploits: 1 · References: 2

Positive Technologies
added 2023/08/17 12:00 a.m. · 2 views

PT-2023-27099 · Unknown · Lrzip-Next

Name of the Vulnerable Software and Affected Versions: lrzip-next LZMA version 23.01 Description: The issue is related to an access violation in the component /bz3_decode_block, located in the src/libbz3.c file. This access violation can be exploited, potentially leading to unintended consequence...

CVSS: 5.3 · AI score: 8.6 · EPSS: 0.00076
Exploits: 1 · References: 11