
4443 matches found

Debian CVE
added 2024/01/03 12:0 a.m. · 24 views

CVE-2023-46929

An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application...

7.5 CVSS · 5.9 AI score · 0.00263 EPSS
Exploits: 1

Veracode
added 2024/01/02 12:12 p.m. · 20 views

Remote Code Execution

wrangler is vulnerable to Remote Code Execution. The vulnerability is caused by the V8 inspector intentionally allowing arbitrary code execution within the Workers sandbox for debugging purposes. The wrangler dev server starts an inspector listening on all network interfaces. This allows an attacker t...

8.5 CVSS · 8.6 AI score · 0.00043 EPSS
Exploits: 0 · References: 8 · Affected Software: 1

OSV
added 2023/12/29 12:15 p.m. · 13 views

CVE-2023-7079

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file...

5.7 CVSS · 6.5 AI score
Exploits: 0 · References: 3

NVD
added 2023/12/29 12:15 p.m. · 7 views

CVE-2023-7079

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file...

6.4 CVSS · 0.00071 EPSS
Exploits: 0 · References: 3

Cvelist
added 2023/12/29 11:58 a.m. · 14 views

CVE-2023-7080 Arbitrary remote code execution within wrangler dev Workers sandbox

The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary cod...

8.5 CVSS · 8.5 AI score · 0.00043 EPSS
Exploits: 0 · References: 5

Cvelist
added 2023/12/29 11:54 a.m. · 16 views

CVE-2023-7079 Arbitrary remote file read in Wrangler dev server

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file...

6.4 CVSS · 6.4 AI score · 0.00071 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2023/12/29 12:0 a.m. · 2 views

PT-2023-32865 · Wrangler · Wrangler

Name of the Vulnerable Software and Affected Versions: wrangler versions prior to 3.19.0; wrangler versions prior to 2.20.2. Description: The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server...

8.5 CVSS · 8.2 AI score · 0.00043 EPSS
Exploits: 0 · References: 17

Patchstack
added 2023/12/27 12:0 a.m. · 11 views

WordPress Branda Plugin <= 3.4.14 is vulnerable to Bypass Vulnerability

Software: Branda; Type: Plugin; Vulnerable versions: <= 3.4.14; Fixed in: 3.4.15; OWASP Top 10: A5: Security Misconfiguration; Classification: Bypass Vulnerability; CVE: CVE-2023-51542; Patch priority: Low; CVSS severity: Low 5.3; Developer: WPMU DEV; PSID: 6298c3f8ebb2; Credits: Brandon Roldan; Required privilege...

5.3 CVSS · 6.5 AI score · 0.00084 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Tenable Nessus
added 2023/12/21 12:0 a.m. · 16 views

Debian DSA-5583-1 : gst-plugins-bad1.0 - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5583 advisory. A buffer overflow was discovered in the AV1 video plugin for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary...

6.4 AI score
Exploits: 0 · References: 3

vulnersOsv
added 2023/12/18 7:22 p.m. · 3 views

async-ssh2-tokio (>=0.2.0 <=0.7.0), dev-tunnels (=0.1.0) +4 more potentially affected by CVE-2023-48795 via russh (>=0.34.0 <=0.37.1)

russh CARGO version =0.34.0, =0.2.0, =0.1.0, =0.2.0, =0.1.0, =0.4.1 - tunnels =0.1.0 Source cves: CVE-2023-48795 Source advisory: OSV:GHSA-45X7-PX36-X8W8...

5.9 CVSS · 7 AI score · 0.52998 EPSS
Exploits: 4

SUSE CVE
added 2023/12/14 1:13 a.m. · 1 views

SUSE CVE-2023-49991

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c...

5.3 CVSS · 7.4 AI score · 0.0002 EPSS
Exploits: 1 · References: 4

Hive Pro Threat Advisories
added 2023/12/13 11:22 a.m. · 7 views

The Unseen Thread Linking Sandman APT and KEYPLUG Backdoor

Summary: The Sandman Advanced Persistent Threat (APT) is closely linked to suspected threat clusters originating from China, specifically identified as Storm-0866, also known as Red Dev 40. Within the same victim environments, Sandman's Lua-based malware, LuaDream, and the KEYPLUG backdoor have...

7.3 AI score
Exploits: 0

NVD
added 2023/12/12 2:15 p.m. · 10 views

CVE-2023-49993

Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c...

5.3 CVSS · 0.0002 EPSS
Exploits: 1 · References: 6

NVD
added 2023/12/12 2:15 p.m. · 12 views

CVE-2023-49994

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c...

5.5 CVSS · 0.0003 EPSS
Exploits: 1 · References: 6

Prion
added 2023/12/12 2:15 p.m. · 11 views

Buffer overflow

Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c...

4.4 CVSS · 7.4 AI score · 0.0002 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2023/12/12 12:0 a.m. · 63 views

CVE-2023-49990

CVE-2023-49990 affects espeak-ng, where a buffer overflow is introduced via SetUpPhonemeTable in synthdata.c for the 1.52-dev release. The connected advisories confirm this issue across multiple distributions and note that fixes have been released: Debian lists a patched version (1.50+dfsg-7+deb1...

5.3 CVSS · 5.1 AI score · 0.0002 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

Debian CVE
added 2023/12/12 12:0 a.m. · 9 views

CVE-2023-49992

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c...

5.3 CVSS · 5.3 AI score · 0.0002 EPSS
Exploits: 1

CVE
added 2023/12/12 12:0 a.m. · 56 views

CVE-2023-49994

CVE-2023-49994 affects espeak-ng. Multiple connected sources confirm a Floating Point Exception in PeaksToHarmspect, triggered in wavegen.c, specifically for version 1.52-dev. The issue is described consistently across advisories and Nessus plugins, with affected deployments including Azure Linux...

5.5 CVSS · 5.3 AI score · 0.0003 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

CVE
added 2023/12/12 12:0 a.m. · 58 views

CVE-2023-49992

CVE-2023-49992 affects espeak-ng. Multiple connected feeds confirm a Stack Buffer Overflow in espeak-ng’s dictionary.c RemoveEnding function for version 1.52-dev. Impact and exploit details are not expanded beyond the overflow description in the sources; no vendor/server-side exploit notes are pr...

5.3 CVSS · 5.2 AI score · 0.0002 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

Cvelist
added 2023/12/12 12:0 a.m. · 13 views

CVE-2023-49994

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c...

5.6 AI score · 0.0003 EPSS
Exploits: 1 · References: 3