All in One B2B for WooCommerce <= 1.0.3 - Multiple CSRF

Description The plugin does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks. This CSRF attack will reject a Quote in the database. 1. Go to All In One Quote Quotes 2. Click "Add quote", fill in the title, and save. 3. Find the Quote ID, convert it ...

PT-2023-35977 · Git +1 · Libredwg

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A crash occurred due to a segmentation fault on an unknown address. The crash involved the dwg encode function in the llvmfuzz.c file. No information is...

apr: integer overflow/wraparound in apr_encode

A flaw was found in Apache Portable Runtime APR. This issue may allow a malicious attacker to write beyond the bounds of a buffer...

apr: integer overflow/wraparound in apr_encode

A flaw was found in Apache Portable Runtime APR. This issue may allow a malicious attacker to write beyond the bounds of a buffer...

PT-2023-3902 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.27.0 Envoy versions prior to 1.26.4 Envoy versions prior to 1.25.9 Envoy versions prior to 1.24.10 Envoy versions prior to 1.23.12 Description: The issue is related to a use-after-free error in the HTTP CORS filter o...

OESA-2023-1402 libtiff security update

This libtiff provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libti...

SUSE CVE-2023-26966

libtiff 4.5.0 is vulnerable to Buffer Overflow in uvencode when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian...

DEBIAN-CVE-2023-26966

libtiff 4.5.0 is vulnerable to Buffer Overflow in uvencode when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian...

AZL-27303 CVE-2023-26966 affecting package libtiff for versions less than 4.5.1-1

libtiff 4.5.0 is vulnerable to Buffer Overflow in uvencode when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian...

CVE-2023-21158

In encode of miscdata.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2023-21158

In encode of miscdata.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

PT-2023-17951 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a heap buffer overflow in the encode function of miscdata.cpp, which could lead to a possible out of bounds read. This might result in local information disclosure, requiring System executio...

AZL-27181 CVE-2023-1999 affecting package libwebp for versions less than 1.3.2-1

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to tria...

ALPINE-CVE-2023-1999

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to tria...

PT-2023-35857 · Git +1 · Libavc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several function calls, including ih264e cabac put byte, ih264e cabac enco...

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities (CVE-2022-25901, CVE-2022-24823)

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

Reflected Cross-Site Scripting when restoring a backup

Description A XSS vulnerability has been identified when an administrator restores a backup from a file. When using a specially crafted file, it's possible to trigger an error that will be displayed on the web page. Since the error message contains the invalid part of the file, any JavaScript cod...

PT-2023-23349 · Smartdns · Smartdns

Name of the Vulnerable Software and Affected Versions: SmartDNS versions through 41 before 56d0332 Description: The issue is caused by a stack-based buffer overflow in the dns encode domain function in the dns.c file, allowing an out-of-bounds write via a crafted DNS request. This can be exploite...

[SECURITY] Fedora 36 Update: ffmpeg-5.0.3-1.fc36

FFmpeg is a leading multimedia framework, able to decode, encode, transcode, mux, demux, stream, filter and play pretty much anything that humans and machines have created. It supports the most obscure ancient formats up to the cutting edge. No matter if they were designed by some standards...

DEBIAN-CVE-2023-30798

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...